11241100x8000000000000000523167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d750c3634126eaf12021-12-21 11:22:35.442root 11241100x8000000000000000523168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1ca55fe645fb282021-12-21 11:22:35.443root 11241100x8000000000000000523169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d00d05a4adfb4792021-12-21 11:22:35.443root 11241100x8000000000000000523170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3767a3e939444dcb2021-12-21 11:22:35.443root 11241100x8000000000000000523171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12948d167190a0372021-12-21 11:22:35.942root 11241100x8000000000000000523172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b80aed21f76d32021-12-21 11:22:35.943root 11241100x8000000000000000523173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83de62be30bf7ea82021-12-21 11:22:35.943root 11241100x8000000000000000523174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee168cd157fb4c652021-12-21 11:22:35.943root 354300x8000000000000000523175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.181{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48450-false10.0.1.12-8000- 11241100x8000000000000000523176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:22:36.329root 11241100x8000000000000000523177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9735fccac2d639d12021-12-21 11:22:36.330root 11241100x8000000000000000523178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fb57ef9a8249332021-12-21 11:22:36.330root 11241100x8000000000000000523179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b2edace4d162722021-12-21 11:22:36.330root 11241100x8000000000000000523180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd70c1d9eadca732021-12-21 11:22:36.330root 11241100x8000000000000000523181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283c22de109d3f9f2021-12-21 11:22:36.330root 11241100x8000000000000000523182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296c3d3ed26387112021-12-21 11:22:36.330root 11241100x8000000000000000523183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7664c1abd297622021-12-21 11:22:36.693root 11241100x8000000000000000523184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c0823596a0e46b2021-12-21 11:22:36.693root 11241100x8000000000000000523185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354e082bd611f4ec2021-12-21 11:22:36.693root 11241100x8000000000000000523186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc5acbce53f85b02021-12-21 11:22:36.693root 11241100x8000000000000000523187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb2ae8cd43f52112021-12-21 11:22:36.693root 11241100x8000000000000000523188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35504b3fa7e1b49d2021-12-21 11:22:36.693root 11241100x8000000000000000523189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bb97ebf2a01b2d2021-12-21 11:22:37.193root 11241100x8000000000000000523190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cabff77344df7bc2021-12-21 11:22:37.193root 11241100x8000000000000000523191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2ff4fc487a2e252021-12-21 11:22:37.193root 11241100x8000000000000000523192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2d0e461dcb3bb2021-12-21 11:22:37.193root 11241100x8000000000000000523193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac371f9bba3998382021-12-21 11:22:37.193root 11241100x8000000000000000523194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07985eb29300eef2021-12-21 11:22:37.193root 11241100x8000000000000000523195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9da4c7c28efab042021-12-21 11:22:37.693root 11241100x8000000000000000523196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbdd7231eedf0772021-12-21 11:22:37.693root 11241100x8000000000000000523197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da5be0397713f0a2021-12-21 11:22:37.693root 11241100x8000000000000000523198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32906af72ad97b62021-12-21 11:22:37.693root 11241100x8000000000000000523199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347edec2fdd2c1492021-12-21 11:22:37.693root 11241100x8000000000000000523200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66bb6a98f2c66bb2021-12-21 11:22:37.693root 11241100x8000000000000000523201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836ca626d4408acf2021-12-21 11:22:38.193root 11241100x8000000000000000523202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d278d742a9bde22021-12-21 11:22:38.193root 11241100x8000000000000000523203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b73c00b14e3a2ce2021-12-21 11:22:38.193root 11241100x8000000000000000523204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beee65e93aeb36342021-12-21 11:22:38.193root 11241100x8000000000000000523205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152868b1c5cf43d42021-12-21 11:22:38.193root 11241100x8000000000000000523206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b113577087c87a2021-12-21 11:22:38.193root 11241100x8000000000000000523207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d00e960941476b2021-12-21 11:22:38.693root 11241100x8000000000000000523208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7686d5c9c10836602021-12-21 11:22:38.693root 11241100x8000000000000000523209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d41c861f4d10492021-12-21 11:22:38.693root 11241100x8000000000000000523210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c73d9901c982012021-12-21 11:22:38.693root 11241100x8000000000000000523211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0a5916f70473ce2021-12-21 11:22:38.693root 11241100x8000000000000000523212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cde84f83af82862021-12-21 11:22:38.693root 11241100x8000000000000000523213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f396036516b03f1f2021-12-21 11:22:39.193root 11241100x8000000000000000523214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dac29f65d2f2212021-12-21 11:22:39.193root 11241100x8000000000000000523215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad52d7c9d4008192021-12-21 11:22:39.193root 11241100x8000000000000000523216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e34c17e27358732021-12-21 11:22:39.193root 11241100x8000000000000000523217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319744080fffe8202021-12-21 11:22:39.193root 11241100x8000000000000000523218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598d7fff7c74486e2021-12-21 11:22:39.194root 23542300x8000000000000000523219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.331{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000523220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040e5c4fa7e55ff12021-12-21 11:22:39.693root 11241100x8000000000000000523221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf450b7b824233f2021-12-21 11:22:39.693root 11241100x8000000000000000523222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6f7898ded953912021-12-21 11:22:39.693root 11241100x8000000000000000523223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84120c4f2e1728e92021-12-21 11:22:39.693root 11241100x8000000000000000523224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4605506a88e2b2d52021-12-21 11:22:39.693root 11241100x8000000000000000523225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1bb0326c12bacd2021-12-21 11:22:39.693root 11241100x8000000000000000523226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304316fa8afb77c02021-12-21 11:22:39.693root 11241100x8000000000000000523227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5584dd497b79922021-12-21 11:22:40.193root 11241100x8000000000000000523228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce679ac7b73778562021-12-21 11:22:40.193root 11241100x8000000000000000523229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b2f9428c774ecf2021-12-21 11:22:40.193root 11241100x8000000000000000523230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b0cbb6cfe63c082021-12-21 11:22:40.193root 11241100x8000000000000000523231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69866d8f0470bb602021-12-21 11:22:40.193root 11241100x8000000000000000523232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bf532c63d6b1892021-12-21 11:22:40.193root 11241100x8000000000000000523233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eddba9acffb1dc82021-12-21 11:22:40.193root 11241100x8000000000000000523234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a618191ae44a932021-12-21 11:22:40.693root 11241100x8000000000000000523235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3fd445bfc8a5732021-12-21 11:22:40.693root 11241100x8000000000000000523236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8053397d7e77a7872021-12-21 11:22:40.693root 11241100x8000000000000000523237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0a8d60b86ab03f2021-12-21 11:22:40.693root 11241100x8000000000000000523238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22021fce04509b32021-12-21 11:22:40.693root 11241100x8000000000000000523239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ba118e826324d92021-12-21 11:22:40.693root 11241100x8000000000000000523240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573967766e82437e2021-12-21 11:22:40.693root 11241100x8000000000000000523241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffd80bf37f378fa2021-12-21 11:22:41.193root 11241100x8000000000000000523242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daa26651bb7626d2021-12-21 11:22:41.193root 11241100x8000000000000000523243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e09bf5474bb1b02021-12-21 11:22:41.193root 11241100x8000000000000000523244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e434d596bd45282021-12-21 11:22:41.193root 11241100x8000000000000000523245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b821cf6efb78e52021-12-21 11:22:41.193root 11241100x8000000000000000523246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726c0edb4a5bffe82021-12-21 11:22:41.193root 11241100x8000000000000000523247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d22b61c33c44382021-12-21 11:22:41.194root 11241100x8000000000000000523248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdb501d7bf56e352021-12-21 11:22:41.693root 11241100x8000000000000000523249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca55c6bf2a3a2262021-12-21 11:22:41.693root 11241100x8000000000000000523250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a17121cb82c24aa2021-12-21 11:22:41.693root 11241100x8000000000000000523251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46730a91644f9a22021-12-21 11:22:41.694root 11241100x8000000000000000523252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285e476b8af204c22021-12-21 11:22:41.694root 11241100x8000000000000000523253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bd3c2797305c092021-12-21 11:22:41.695root 11241100x8000000000000000523254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca45bd6f4b749282021-12-21 11:22:41.695root 354300x8000000000000000523255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.027{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48452-false10.0.1.12-8000- 11241100x8000000000000000523256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cc8dd9c109f3062021-12-21 11:22:42.028root 11241100x8000000000000000523257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b473ac5014c68d182021-12-21 11:22:42.028root 11241100x8000000000000000523258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e404e376881e8692021-12-21 11:22:42.028root 11241100x8000000000000000523259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacb3b1adf53befa2021-12-21 11:22:42.029root 11241100x8000000000000000523260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d9e9ef390ae83c2021-12-21 11:22:42.029root 11241100x8000000000000000523261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79c06261b5f42462021-12-21 11:22:42.029root 11241100x8000000000000000523262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3b2472829a921e2021-12-21 11:22:42.029root 11241100x8000000000000000523263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f9624106ee3b962021-12-21 11:22:42.029root 11241100x8000000000000000523264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e39c9a93620df52021-12-21 11:22:42.443root 11241100x8000000000000000523265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f8a9a71fba05482021-12-21 11:22:42.443root 11241100x8000000000000000523266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7dc38c362582b02021-12-21 11:22:42.443root 11241100x8000000000000000523267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6135bc5432cb0972021-12-21 11:22:42.443root 11241100x8000000000000000523268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a44426a69c253d2021-12-21 11:22:42.443root 11241100x8000000000000000523269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83c0b7ef9eb0c272021-12-21 11:22:42.443root 11241100x8000000000000000523270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb8e60b0e0fe3c2021-12-21 11:22:42.443root 11241100x8000000000000000523271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58044b2c0859c0872021-12-21 11:22:42.443root 11241100x8000000000000000523272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04467cba935ec522021-12-21 11:22:42.943root 11241100x8000000000000000523273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086b83c55991a8d72021-12-21 11:22:42.943root 11241100x8000000000000000523274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deb8840acd812662021-12-21 11:22:42.943root 11241100x8000000000000000523275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fad14b56a149612021-12-21 11:22:42.943root 11241100x8000000000000000523276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6e0ab15904be702021-12-21 11:22:42.943root 11241100x8000000000000000523277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33dedd730b7e5542021-12-21 11:22:42.943root 11241100x8000000000000000523278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4255946d5712fa62021-12-21 11:22:42.943root 11241100x8000000000000000523279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac306ec56858aba32021-12-21 11:22:42.943root 11241100x8000000000000000523280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc427955c05557502021-12-21 11:22:43.443root 11241100x8000000000000000523281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75014f9c3d8a91e32021-12-21 11:22:43.443root 11241100x8000000000000000523282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf43dcb87b0abc132021-12-21 11:22:43.443root 11241100x8000000000000000523283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f9f1f6cccf01b02021-12-21 11:22:43.443root 11241100x8000000000000000523284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d43688ca7e87df42021-12-21 11:22:43.443root 11241100x8000000000000000523285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf63900119e20ba2021-12-21 11:22:43.443root 11241100x8000000000000000523286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4370382005ed90ca2021-12-21 11:22:43.443root 11241100x8000000000000000523287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dbd2b1d3e0ce922021-12-21 11:22:43.443root 11241100x8000000000000000523288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09374bba18dea8ee2021-12-21 11:22:43.943root 11241100x8000000000000000523289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3d83db9dca28d92021-12-21 11:22:43.943root 11241100x8000000000000000523290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e910f6cdde77d62021-12-21 11:22:43.943root 11241100x8000000000000000523291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ca17a50c01963a2021-12-21 11:22:43.943root 11241100x8000000000000000523292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0590be0f60927b432021-12-21 11:22:43.943root 11241100x8000000000000000523293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf33fa2453a7aa2021-12-21 11:22:43.943root 11241100x8000000000000000523294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b5e68e684473ba2021-12-21 11:22:43.943root 11241100x8000000000000000523295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef8f4eeaa6a1a9c2021-12-21 11:22:43.943root 11241100x8000000000000000523296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0157be9cfbd5dd2021-12-21 11:22:44.443root 11241100x8000000000000000523297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1aac4cd442b8b92021-12-21 11:22:44.443root 11241100x8000000000000000523298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6d0f18e1725ae22021-12-21 11:22:44.443root 11241100x8000000000000000523299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14721a8132d115b72021-12-21 11:22:44.443root 11241100x8000000000000000523300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd9bb8e0b8777532021-12-21 11:22:44.443root 11241100x8000000000000000523301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68804272a518890d2021-12-21 11:22:44.443root 11241100x8000000000000000523302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b40a2357c1e702021-12-21 11:22:44.443root 11241100x8000000000000000523303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28fe5747e1dcf412021-12-21 11:22:44.443root 11241100x8000000000000000523304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec18af1ddef5b0b2021-12-21 11:22:44.943root 11241100x8000000000000000523305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff508783de7470952021-12-21 11:22:44.943root 11241100x8000000000000000523306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0a1011eb438d572021-12-21 11:22:44.943root 11241100x8000000000000000523307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a30fb706ced9bfa2021-12-21 11:22:44.943root 11241100x8000000000000000523308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6414e4508e463f0c2021-12-21 11:22:44.943root 11241100x8000000000000000523309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184bac64d2a1ec412021-12-21 11:22:44.943root 11241100x8000000000000000523310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e77581a6bdd2b1f2021-12-21 11:22:44.943root 11241100x8000000000000000523311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776690814710fed22021-12-21 11:22:44.943root 11241100x8000000000000000523312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb869557f87d17a2021-12-21 11:22:45.443root 11241100x8000000000000000523313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c5e204e5f5a5cc2021-12-21 11:22:45.443root 11241100x8000000000000000523314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2d6745fa0245422021-12-21 11:22:45.443root 11241100x8000000000000000523315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001b11a5f12a30212021-12-21 11:22:45.443root 11241100x8000000000000000523316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59df4fb005f225472021-12-21 11:22:45.443root 11241100x8000000000000000523317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162be534861d9ff12021-12-21 11:22:45.443root 11241100x8000000000000000523318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128994c5134c8ee92021-12-21 11:22:45.443root 11241100x8000000000000000523319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c031f24ccd2a20a2021-12-21 11:22:45.443root 11241100x8000000000000000523320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26adf100d3e0fcf72021-12-21 11:22:45.943root 11241100x8000000000000000523321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4114cced55a65eb22021-12-21 11:22:45.943root 11241100x8000000000000000523322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c88cad77af834352021-12-21 11:22:45.943root 11241100x8000000000000000523323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e512df39474bcfca2021-12-21 11:22:45.943root 11241100x8000000000000000523324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deefe45c53fb5852021-12-21 11:22:45.943root 11241100x8000000000000000523325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc09bee77b981d002021-12-21 11:22:45.943root 11241100x8000000000000000523326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7398357a7900fe702021-12-21 11:22:45.943root 11241100x8000000000000000523327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2f19a5d13961c2021-12-21 11:22:45.944root 11241100x8000000000000000523328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2407bd5ec82db1aa2021-12-21 11:22:46.443root 11241100x8000000000000000523329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dc89cbd42ae6902021-12-21 11:22:46.443root 11241100x8000000000000000523330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048418ce1610e08e2021-12-21 11:22:46.443root 11241100x8000000000000000523331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d751e8978f59332021-12-21 11:22:46.443root 11241100x8000000000000000523332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b92be7cc8c44cc2021-12-21 11:22:46.443root 11241100x8000000000000000523333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86afa1e61738490e2021-12-21 11:22:46.443root 11241100x8000000000000000523334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffdb50dbe15ca702021-12-21 11:22:46.443root 11241100x8000000000000000523335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2a9e8b3ab03b22021-12-21 11:22:46.443root 11241100x8000000000000000523336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6909789d8f1b44642021-12-21 11:22:46.943root 11241100x8000000000000000523337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33c846f67ded9332021-12-21 11:22:46.943root 11241100x8000000000000000523338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86ccdfacebe6b3c2021-12-21 11:22:46.943root 11241100x8000000000000000523339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf476d4668d41c12021-12-21 11:22:46.943root 11241100x8000000000000000523340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a6f29603a9daab2021-12-21 11:22:46.943root 11241100x8000000000000000523341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eb17fe300097942021-12-21 11:22:46.943root 11241100x8000000000000000523342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1109d52577d8e2a2021-12-21 11:22:46.943root 11241100x8000000000000000523343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffff4ec0998969b2021-12-21 11:22:46.943root 354300x8000000000000000523344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.177{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48454-false10.0.1.12-8000- 11241100x8000000000000000523345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ff10b1a546f72b2021-12-21 11:22:47.443root 11241100x8000000000000000523346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638402b2be0bb09f2021-12-21 11:22:47.443root 11241100x8000000000000000523347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b380a5b98d57caba2021-12-21 11:22:47.443root 11241100x8000000000000000523348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1bdd1c3170a0d22021-12-21 11:22:47.443root 11241100x8000000000000000523349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2b6d278a67d9822021-12-21 11:22:47.443root 11241100x8000000000000000523350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13101401fb6da6552021-12-21 11:22:47.443root 11241100x8000000000000000523351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5533b625a888482021-12-21 11:22:47.443root 11241100x8000000000000000523352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583510ad0d3c33a82021-12-21 11:22:47.443root 11241100x8000000000000000523353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dae046c8320bb52021-12-21 11:22:47.443root 11241100x8000000000000000523354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941372a0a76b8fad2021-12-21 11:22:47.943root 11241100x8000000000000000523355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20430f063059f5f82021-12-21 11:22:47.943root 11241100x8000000000000000523356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bf8edf953ffdb02021-12-21 11:22:47.943root 11241100x8000000000000000523357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1861b13edfd4b292021-12-21 11:22:47.943root 11241100x8000000000000000523358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60291b77a1ad90e12021-12-21 11:22:47.943root 11241100x8000000000000000523359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0a31eb08e302c52021-12-21 11:22:47.943root 11241100x8000000000000000523360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987343bd77f700ce2021-12-21 11:22:47.943root 11241100x8000000000000000523361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d729f69123cbd12021-12-21 11:22:47.943root 11241100x8000000000000000523362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5355787aa7572822021-12-21 11:22:47.944root 11241100x8000000000000000523363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb3088e7246db7d2021-12-21 11:22:48.443root 11241100x8000000000000000523364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d5d5ebf6ddc9672021-12-21 11:22:48.443root 11241100x8000000000000000523365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e070bc74a51c56b32021-12-21 11:22:48.443root 11241100x8000000000000000523366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5c8a706a01f792021-12-21 11:22:48.443root 11241100x8000000000000000523367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8455eeed63136f2021-12-21 11:22:48.443root 11241100x8000000000000000523368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a671cb6e147efd052021-12-21 11:22:48.443root 11241100x8000000000000000523369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1092203b43c5b9792021-12-21 11:22:48.443root 11241100x8000000000000000523370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad69df3ea44942d2021-12-21 11:22:48.444root 11241100x8000000000000000523371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e99411e2fb1cee32021-12-21 11:22:48.444root 11241100x8000000000000000523372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf393f6e56f55be2021-12-21 11:22:48.943root 11241100x8000000000000000523373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a41a2002a0eaa82021-12-21 11:22:48.943root 11241100x8000000000000000523374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f13333103aae6b92021-12-21 11:22:48.943root 11241100x8000000000000000523375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52121f3f21ddc40e2021-12-21 11:22:48.943root 11241100x8000000000000000523376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c538b5e48501572021-12-21 11:22:48.943root 11241100x8000000000000000523377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2425145ce81eef6c2021-12-21 11:22:48.943root 11241100x8000000000000000523378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb44c2566e3de6f2021-12-21 11:22:48.943root 11241100x8000000000000000523379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850ec511e80792162021-12-21 11:22:48.944root 11241100x8000000000000000523380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7bf506baa849012021-12-21 11:22:48.944root 11241100x8000000000000000523381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f8e81a36c3da042021-12-21 11:22:49.443root 11241100x8000000000000000523382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f239fd4de8f2582021-12-21 11:22:49.443root 11241100x8000000000000000523383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a99cc6d8152eb72021-12-21 11:22:49.443root 11241100x8000000000000000523384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fe5eef4101afe72021-12-21 11:22:49.443root 11241100x8000000000000000523385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996e14b37fe0cb5e2021-12-21 11:22:49.443root 11241100x8000000000000000523386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefb6d3db1d9bd912021-12-21 11:22:49.444root 11241100x8000000000000000523387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1cda3da06a2042021-12-21 11:22:49.444root 11241100x8000000000000000523388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaac3fdf589361722021-12-21 11:22:49.444root 11241100x8000000000000000523389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c942f1e80899b8062021-12-21 11:22:49.444root 11241100x8000000000000000523390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875756fabbcacaa52021-12-21 11:22:49.943root 11241100x8000000000000000523391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b127e66114c7d72021-12-21 11:22:49.943root 11241100x8000000000000000523392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ee551ec19a82122021-12-21 11:22:49.943root 11241100x8000000000000000523393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33c2be245711e482021-12-21 11:22:49.943root 11241100x8000000000000000523394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815f89cd425054752021-12-21 11:22:49.943root 11241100x8000000000000000523395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656250ab4e15ffea2021-12-21 11:22:49.943root 11241100x8000000000000000523396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46dbbc8aa97fd1d2021-12-21 11:22:49.944root 11241100x8000000000000000523397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd61cd57570994b12021-12-21 11:22:49.944root 11241100x8000000000000000523398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb2448ef75c4e242021-12-21 11:22:49.944root 11241100x8000000000000000523399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c8c9800867277f2021-12-21 11:22:50.443root 11241100x8000000000000000523400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80437f75d47ad8802021-12-21 11:22:50.443root 11241100x8000000000000000523401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afba97a5db670ca2021-12-21 11:22:50.443root 11241100x8000000000000000523402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5c47279c1d89d62021-12-21 11:22:50.443root 11241100x8000000000000000523403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928d60c2ff5b48cb2021-12-21 11:22:50.443root 11241100x8000000000000000523404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5486f608d147eb2021-12-21 11:22:50.443root 11241100x8000000000000000523405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adb34e8b46a380d2021-12-21 11:22:50.443root 11241100x8000000000000000523406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72159d61848e36462021-12-21 11:22:50.444root 11241100x8000000000000000523407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7cc3e6013b9d752021-12-21 11:22:50.444root 11241100x8000000000000000523408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47cf7c1ce0aef442021-12-21 11:22:50.943root 11241100x8000000000000000523409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e2543d3191505f2021-12-21 11:22:50.943root 11241100x8000000000000000523410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e348457993354372021-12-21 11:22:50.943root 11241100x8000000000000000523411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a514d9b0a6eda622021-12-21 11:22:50.943root 11241100x8000000000000000523412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f389210628df2dd2021-12-21 11:22:50.943root 11241100x8000000000000000523413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3478d870c4462792021-12-21 11:22:50.944root 11241100x8000000000000000523414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bc6351c13610412021-12-21 11:22:50.944root 11241100x8000000000000000523415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9459e05892b1aef2021-12-21 11:22:50.944root 11241100x8000000000000000523416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ec6d78604042742021-12-21 11:22:50.944root 11241100x8000000000000000523417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc28a29e03aa6f0d2021-12-21 11:22:51.443root 11241100x8000000000000000523418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f95bc959a25c3e92021-12-21 11:22:51.443root 11241100x8000000000000000523419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c346e9a93b1fe2021-12-21 11:22:51.443root 11241100x8000000000000000523420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37565a1e64378ae2021-12-21 11:22:51.443root 11241100x8000000000000000523421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c0d70b065e8f4f2021-12-21 11:22:51.443root 11241100x8000000000000000523422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfb23ee7b0fb3e72021-12-21 11:22:51.443root 11241100x8000000000000000523423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55605f4177c402ec2021-12-21 11:22:51.443root 11241100x8000000000000000523424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca92ee4a9d33ff5c2021-12-21 11:22:51.443root 11241100x8000000000000000523425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceb85383356b9a22021-12-21 11:22:51.443root 11241100x8000000000000000523426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bd8efe7616ae242021-12-21 11:22:51.943root 11241100x8000000000000000523427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a472bcc8c6f8c90a2021-12-21 11:22:51.943root 11241100x8000000000000000523428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae85b90b59e192712021-12-21 11:22:51.943root 11241100x8000000000000000523429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fbb1f72efb30f62021-12-21 11:22:51.943root 11241100x8000000000000000523430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6181d9320c125052021-12-21 11:22:51.943root 11241100x8000000000000000523431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e18843c74cf54c2021-12-21 11:22:51.943root 11241100x8000000000000000523432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc8fa27f44411d32021-12-21 11:22:51.943root 11241100x8000000000000000523433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b64e6cc1183f26c2021-12-21 11:22:51.943root 11241100x8000000000000000523434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229b8e94b5dfefe12021-12-21 11:22:51.943root 11241100x8000000000000000523435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d6610ada6a35862021-12-21 11:22:52.443root 11241100x8000000000000000523436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0b9b905d4067b82021-12-21 11:22:52.443root 11241100x8000000000000000523437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5ccf3d17ac183b2021-12-21 11:22:52.443root 11241100x8000000000000000523438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7141ce7f58d8e5b2021-12-21 11:22:52.443root 11241100x8000000000000000523439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e474b9af92ede42021-12-21 11:22:52.443root 11241100x8000000000000000523440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc25de6474e69992021-12-21 11:22:52.443root 11241100x8000000000000000523441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe735ed72f7ffe02021-12-21 11:22:52.443root 11241100x8000000000000000523442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12aa8d3924e092c2021-12-21 11:22:52.443root 11241100x8000000000000000523443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19ffa427fa586222021-12-21 11:22:52.443root 11241100x8000000000000000523444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb19b0e2117f9e232021-12-21 11:22:52.943root 11241100x8000000000000000523445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da328cf68215c3952021-12-21 11:22:52.943root 11241100x8000000000000000523446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8a554318c4fa4f2021-12-21 11:22:52.943root 11241100x8000000000000000523447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4c550a449897372021-12-21 11:22:52.943root 11241100x8000000000000000523448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfcf3c752f9037b2021-12-21 11:22:52.943root 11241100x8000000000000000523449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e321852535b7a67c2021-12-21 11:22:52.943root 11241100x8000000000000000523450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b511920c00806e02021-12-21 11:22:52.943root 11241100x8000000000000000523451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bacd8ac1537b0ef2021-12-21 11:22:52.943root 11241100x8000000000000000523452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c98e1f27c6f2d62021-12-21 11:22:52.943root 354300x8000000000000000523453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48456-false10.0.1.12-8000- 11241100x8000000000000000523454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f02960f21cb9c1d2021-12-21 11:22:53.443root 11241100x8000000000000000523455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57be8016ee6d43cb2021-12-21 11:22:53.443root 11241100x8000000000000000523456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3595d9841cecde2021-12-21 11:22:53.443root 11241100x8000000000000000523457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3051f0bc388904352021-12-21 11:22:53.443root 11241100x8000000000000000523458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66da2477b78c13d52021-12-21 11:22:53.443root 11241100x8000000000000000523459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c7856b826d89f82021-12-21 11:22:53.444root 11241100x8000000000000000523460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a9ad409c19da9e2021-12-21 11:22:53.444root 11241100x8000000000000000523461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b36d4dbbb471b2021-12-21 11:22:53.444root 11241100x8000000000000000523462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4980f90c607592772021-12-21 11:22:53.444root 11241100x8000000000000000523463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee0d8b3f276b61c2021-12-21 11:22:53.444root 11241100x8000000000000000523464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd3e0ec52fbd4ef2021-12-21 11:22:53.943root 11241100x8000000000000000523465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32eeaa2bc1f07c032021-12-21 11:22:53.943root 11241100x8000000000000000523466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97aa119da619e242021-12-21 11:22:53.943root 11241100x8000000000000000523467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cd1cf0667b69d62021-12-21 11:22:53.943root 11241100x8000000000000000523468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12263dcd13267062021-12-21 11:22:53.943root 11241100x8000000000000000523469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318e5efdf28d55202021-12-21 11:22:53.943root 11241100x8000000000000000523470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d0bb0663aa9992021-12-21 11:22:53.943root 11241100x8000000000000000523471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caf7512dabe508a2021-12-21 11:22:53.943root 11241100x8000000000000000523472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3d8bff1c4ad3d92021-12-21 11:22:53.943root 11241100x8000000000000000523473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a15f1fe147471b22021-12-21 11:22:53.943root 11241100x8000000000000000523474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c38f7112d0acc92021-12-21 11:22:54.443root 11241100x8000000000000000523475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af53439081d77e362021-12-21 11:22:54.443root 11241100x8000000000000000523476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc00f7c3dc6e7f2021-12-21 11:22:54.443root 11241100x8000000000000000523477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22992b8bd0bd702021-12-21 11:22:54.443root 11241100x8000000000000000523478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6443ec599c586f32021-12-21 11:22:54.443root 11241100x8000000000000000523479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb55b45aee10b22021-12-21 11:22:54.443root 11241100x8000000000000000523480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4df8577f0f97852021-12-21 11:22:54.443root 11241100x8000000000000000523481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db53f477a6beac612021-12-21 11:22:54.443root 11241100x8000000000000000523482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f817fa72af9ba7cb2021-12-21 11:22:54.443root 11241100x8000000000000000523483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248f844d19d137bb2021-12-21 11:22:54.443root 11241100x8000000000000000523484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec9acd904c7142a2021-12-21 11:22:54.943root 11241100x8000000000000000523485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a3a4c07244c992021-12-21 11:22:54.943root 11241100x8000000000000000523486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70099b3770be5c302021-12-21 11:22:54.943root 11241100x8000000000000000523487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d70c9f376809d92021-12-21 11:22:54.943root 11241100x8000000000000000523488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4df93fd620938152021-12-21 11:22:54.943root 11241100x8000000000000000523489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a286a973bb625732021-12-21 11:22:54.943root 11241100x8000000000000000523490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65872163e1f9d2442021-12-21 11:22:54.943root 11241100x8000000000000000523491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39948d4d1e68231f2021-12-21 11:22:54.943root 11241100x8000000000000000523492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572825f0fb60b12f2021-12-21 11:22:54.943root 11241100x8000000000000000523493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4995719596633c2021-12-21 11:22:54.944root 11241100x8000000000000000523494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9ba0bc8e9504272021-12-21 11:22:55.443root 11241100x8000000000000000523495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73709b84b6f862f2021-12-21 11:22:55.443root 11241100x8000000000000000523496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a5cc06b9d176202021-12-21 11:22:55.443root 11241100x8000000000000000523497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46e094939d3c3322021-12-21 11:22:55.443root 11241100x8000000000000000523498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f552d72ab42280de2021-12-21 11:22:55.443root 11241100x8000000000000000523499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6d644f8e560f032021-12-21 11:22:55.443root 11241100x8000000000000000523500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3b44c3d9c28dcb2021-12-21 11:22:55.443root 11241100x8000000000000000523501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1003acacfc45b802021-12-21 11:22:55.443root 11241100x8000000000000000523502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06adc080c91a97d2021-12-21 11:22:55.444root 11241100x8000000000000000523503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928b19eb5b54727f2021-12-21 11:22:55.444root 11241100x8000000000000000523504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d6749011fd76d2021-12-21 11:22:55.943root 11241100x8000000000000000523505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d08fdaa696d3272021-12-21 11:22:55.943root 11241100x8000000000000000523506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffe3cd39031bba82021-12-21 11:22:55.943root 11241100x8000000000000000523507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9af9c87b3aa2ad92021-12-21 11:22:55.943root 11241100x8000000000000000523508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60498580f151233d2021-12-21 11:22:55.943root 11241100x8000000000000000523509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdb17a14fe577f02021-12-21 11:22:55.943root 11241100x8000000000000000523510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dffcb2a665b54632021-12-21 11:22:55.943root 11241100x8000000000000000523511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420d1cb99502a4c42021-12-21 11:22:55.943root 11241100x8000000000000000523512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c06eb52b9d962f22021-12-21 11:22:55.943root 11241100x8000000000000000523513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c04c168212d69e2021-12-21 11:22:55.943root 11241100x8000000000000000523514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe14d14a23527202021-12-21 11:22:56.443root 11241100x8000000000000000523515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02ab0aa915f0d842021-12-21 11:22:56.443root 11241100x8000000000000000523516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252655044d3753202021-12-21 11:22:56.443root 11241100x8000000000000000523517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32220e660829c4762021-12-21 11:22:56.443root 11241100x8000000000000000523518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef44c84d192f8bd2021-12-21 11:22:56.443root 11241100x8000000000000000523519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e5b6030829e9412021-12-21 11:22:56.443root 11241100x8000000000000000523520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fb34d4a5f833d52021-12-21 11:22:56.443root 11241100x8000000000000000523521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092b9a6d94a159ea2021-12-21 11:22:56.443root 11241100x8000000000000000523522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d379e931ac1c943a2021-12-21 11:22:56.443root 11241100x8000000000000000523523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd3a03b60f802fd2021-12-21 11:22:56.443root 11241100x8000000000000000523524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cd2b853240c0882021-12-21 11:22:56.943root 11241100x8000000000000000523525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8842b58781116542021-12-21 11:22:56.943root 11241100x8000000000000000523526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3962c1ed1f5cedb2021-12-21 11:22:56.943root 11241100x8000000000000000523527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6731a70acc3602132021-12-21 11:22:56.943root 11241100x8000000000000000523528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076d5af265352e22021-12-21 11:22:56.943root 11241100x8000000000000000523529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5327aff5b061cbec2021-12-21 11:22:56.943root 11241100x8000000000000000523530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bcb94ee37472f52021-12-21 11:22:56.943root 11241100x8000000000000000523531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26215036af4dfea22021-12-21 11:22:56.943root 11241100x8000000000000000523532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56541b59af70f35f2021-12-21 11:22:56.943root 11241100x8000000000000000523533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdbac26b240d66c2021-12-21 11:22:56.943root 11241100x8000000000000000523534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5779442d838bf52021-12-21 11:22:57.443root 11241100x8000000000000000523535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2f975e74b5fc892021-12-21 11:22:57.443root 11241100x8000000000000000523536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef7764fc270ec22021-12-21 11:22:57.443root 11241100x8000000000000000523537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd8b8314037336b2021-12-21 11:22:57.443root 11241100x8000000000000000523538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01f6e19734a381a2021-12-21 11:22:57.443root 11241100x8000000000000000523539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7735ed50d806c4602021-12-21 11:22:57.443root 11241100x8000000000000000523540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601c48b06145d2cb2021-12-21 11:22:57.444root 11241100x8000000000000000523541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c2edc4067a303c2021-12-21 11:22:57.444root 11241100x8000000000000000523542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb97326193d46b262021-12-21 11:22:57.444root 11241100x8000000000000000523543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16318c6a8db655292021-12-21 11:22:57.444root 11241100x8000000000000000523544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f241983b8b910cfb2021-12-21 11:22:57.943root 11241100x8000000000000000523545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3228613d0a6da172021-12-21 11:22:57.943root 11241100x8000000000000000523546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5818e31c89dcf58b2021-12-21 11:22:57.943root 11241100x8000000000000000523547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d66d0d5365c2b52021-12-21 11:22:57.943root 11241100x8000000000000000523548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8452cc87d26e55182021-12-21 11:22:57.943root 11241100x8000000000000000523549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff53113dfb7d4d2021-12-21 11:22:57.943root 11241100x8000000000000000523550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2abd635addb8272021-12-21 11:22:57.943root 11241100x8000000000000000523551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da76d1aef34df6d2021-12-21 11:22:57.943root 11241100x8000000000000000523552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2988cdc4e7e5a7692021-12-21 11:22:57.944root 11241100x8000000000000000523553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab761f598e6ee7b02021-12-21 11:22:57.944root 354300x8000000000000000523554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.172{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48458-false10.0.1.12-8000- 11241100x8000000000000000523555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f759fe000b5d0be2021-12-21 11:22:58.443root 11241100x8000000000000000523556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7052ce80d4aa2722021-12-21 11:22:58.443root 11241100x8000000000000000523557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab5bc0eb0e796fc2021-12-21 11:22:58.443root 11241100x8000000000000000523558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9d2fdae6efe27c2021-12-21 11:22:58.443root 11241100x8000000000000000523559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31264c93634f4d02021-12-21 11:22:58.443root 11241100x8000000000000000523560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beda13b512fa02842021-12-21 11:22:58.443root 11241100x8000000000000000523561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d39f7c63b7c12082021-12-21 11:22:58.443root 11241100x8000000000000000523562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdc0a104090d74b2021-12-21 11:22:58.443root 11241100x8000000000000000523563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f9da7dc4a307a52021-12-21 11:22:58.443root 11241100x8000000000000000523564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b13ad215567b2ef2021-12-21 11:22:58.444root 11241100x8000000000000000523565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e98df291942feee2021-12-21 11:22:58.444root 11241100x8000000000000000523566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4340affe76d73a6d2021-12-21 11:22:58.943root 11241100x8000000000000000523567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60439545f7fe5352021-12-21 11:22:58.943root 11241100x8000000000000000523568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82be83d5290d5a852021-12-21 11:22:58.943root 11241100x8000000000000000523569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d0d58485e6219d2021-12-21 11:22:58.943root 11241100x8000000000000000523570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bb1863ef0214722021-12-21 11:22:58.943root 11241100x8000000000000000523571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f662d6ad547eb92021-12-21 11:22:58.943root 11241100x8000000000000000523572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b59a0cf4cb512a2021-12-21 11:22:58.943root 11241100x8000000000000000523573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c4f82c071748c52021-12-21 11:22:58.943root 11241100x8000000000000000523574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0f8395c7f6dbeb2021-12-21 11:22:58.943root 11241100x8000000000000000523575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c015a3435464242021-12-21 11:22:58.944root 11241100x8000000000000000523576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7b0cbd4fbcf58d2021-12-21 11:22:58.944root 11241100x8000000000000000523577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52be8863de6fe73d2021-12-21 11:22:59.443root 11241100x8000000000000000523578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a38cda40eb6d96a2021-12-21 11:22:59.443root 11241100x8000000000000000523579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43cb661dc94034f2021-12-21 11:22:59.443root 11241100x8000000000000000523580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7871c4a53ac9842021-12-21 11:22:59.443root 11241100x8000000000000000523581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441de48e1381dd022021-12-21 11:22:59.443root 11241100x8000000000000000523582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ea5468fb6c01562021-12-21 11:22:59.443root 11241100x8000000000000000523583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a594bb126e4f76c2021-12-21 11:22:59.443root 11241100x8000000000000000523584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88c2077773efe362021-12-21 11:22:59.444root 11241100x8000000000000000523585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ffb8f4f10857682021-12-21 11:22:59.444root 11241100x8000000000000000523586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bf8056fe143c1e2021-12-21 11:22:59.444root 11241100x8000000000000000523587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ccc2fcb521c6c62021-12-21 11:22:59.444root 11241100x8000000000000000523588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695220e6b3168c0e2021-12-21 11:22:59.943root 11241100x8000000000000000523589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a413e9ae0f64f32021-12-21 11:22:59.943root 11241100x8000000000000000523590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dc7017dc82cd8f2021-12-21 11:22:59.943root 11241100x8000000000000000523591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b55dd2c852cbcd2021-12-21 11:22:59.943root 11241100x8000000000000000523592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f17fe44a2df3fbb2021-12-21 11:22:59.943root 11241100x8000000000000000523593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c96a0739cfb86e2021-12-21 11:22:59.943root 11241100x8000000000000000523594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718dd9ba2c5317b42021-12-21 11:22:59.943root 11241100x8000000000000000523595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6f5dc47042c4662021-12-21 11:22:59.943root 11241100x8000000000000000523596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7103feba06e9ce22021-12-21 11:22:59.943root 11241100x8000000000000000523597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335e624577cb0e602021-12-21 11:22:59.943root 11241100x8000000000000000523598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7df1977af38692021-12-21 11:22:59.944root 11241100x8000000000000000523599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8323ea17a4410d92021-12-21 11:23:00.443root 11241100x8000000000000000523600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c70518ffb39bd652021-12-21 11:23:00.443root 11241100x8000000000000000523601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6466fa88e52d9b2021-12-21 11:23:00.443root 11241100x8000000000000000523602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9740300dc1de50422021-12-21 11:23:00.444root 11241100x8000000000000000523603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dae34aa806f596e2021-12-21 11:23:00.444root 11241100x8000000000000000523604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f48bec4c7b0c8fa2021-12-21 11:23:00.444root 11241100x8000000000000000523605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3ae66ee63737522021-12-21 11:23:00.444root 11241100x8000000000000000523606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484499b898365d462021-12-21 11:23:00.444root 11241100x8000000000000000523607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e24680265e30c32021-12-21 11:23:00.444root 11241100x8000000000000000523608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7ff157ae5cc1332021-12-21 11:23:00.444root 11241100x8000000000000000523609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c1a34a47e1cab42021-12-21 11:23:00.445root 11241100x8000000000000000523610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d94e04bc566b0c2021-12-21 11:23:00.943root 11241100x8000000000000000523611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d08d8de14c2b0562021-12-21 11:23:00.944root 11241100x8000000000000000523612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d5fd0cfcd7eef02021-12-21 11:23:00.944root 11241100x8000000000000000523613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36be1bfa79a660812021-12-21 11:23:00.944root 11241100x8000000000000000523614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4312429ba7585e0a2021-12-21 11:23:00.945root 11241100x8000000000000000523615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bcf099b7c3ff8d2021-12-21 11:23:00.945root 11241100x8000000000000000523616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3b509d734e3f242021-12-21 11:23:00.945root 11241100x8000000000000000523617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b194fcf5d4d1b6da2021-12-21 11:23:00.945root 11241100x8000000000000000523618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df771dde51918c812021-12-21 11:23:00.946root 11241100x8000000000000000523619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52fee96a09b7b422021-12-21 11:23:00.946root 11241100x8000000000000000523620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d8ae4dbb10a30f2021-12-21 11:23:00.946root 11241100x8000000000000000523621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f775fc92aaac822021-12-21 11:23:01.443root 11241100x8000000000000000523622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318c3aa751c0f2f72021-12-21 11:23:01.443root 11241100x8000000000000000523623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ed038507aeed742021-12-21 11:23:01.443root 11241100x8000000000000000523624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf0376359cade4d2021-12-21 11:23:01.443root 11241100x8000000000000000523625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cdda89d72776d42021-12-21 11:23:01.443root 11241100x8000000000000000523626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a752ec5240dbce262021-12-21 11:23:01.443root 11241100x8000000000000000523627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cd9256e2423f652021-12-21 11:23:01.444root 11241100x8000000000000000523628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e995d935f8682c92021-12-21 11:23:01.444root 11241100x8000000000000000523629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a4dd63637336ee2021-12-21 11:23:01.444root 11241100x8000000000000000523630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09fb1978bc6755f2021-12-21 11:23:01.444root 11241100x8000000000000000523631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae9337aebd959ef2021-12-21 11:23:01.444root 11241100x8000000000000000523632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e068dd263a67b62021-12-21 11:23:01.943root 11241100x8000000000000000523633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5735968b08707e9c2021-12-21 11:23:01.943root 11241100x8000000000000000523634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b6fd59339bb242021-12-21 11:23:01.943root 11241100x8000000000000000523635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7547e8737661b382021-12-21 11:23:01.943root 11241100x8000000000000000523636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2218ee7feb4010b52021-12-21 11:23:01.943root 11241100x8000000000000000523637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5e2f7c0f11894c2021-12-21 11:23:01.943root 11241100x8000000000000000523638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870a7b19d95cd7072021-12-21 11:23:01.943root 11241100x8000000000000000523639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f605c4bdafd0dcda2021-12-21 11:23:01.944root 11241100x8000000000000000523640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d9314e535f7e902021-12-21 11:23:01.944root 11241100x8000000000000000523641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4598f682a4d04f8f2021-12-21 11:23:01.944root 11241100x8000000000000000523642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1a213b7b5a8db72021-12-21 11:23:01.944root 11241100x8000000000000000523643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9554f7357f9063c12021-12-21 11:23:02.443root 11241100x8000000000000000523644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65b8aa02d24e5992021-12-21 11:23:02.443root 11241100x8000000000000000523645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5484ef9f639527732021-12-21 11:23:02.443root 11241100x8000000000000000523646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d6689a1209e19e2021-12-21 11:23:02.443root 11241100x8000000000000000523647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5672339bd180404f2021-12-21 11:23:02.443root 11241100x8000000000000000523648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b120a0357326b2021-12-21 11:23:02.444root 11241100x8000000000000000523649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317393d433f6a3e2021-12-21 11:23:02.444root 11241100x8000000000000000523650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc78f2e723ae0d2021-12-21 11:23:02.444root 11241100x8000000000000000523651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a49a21babb98202021-12-21 11:23:02.444root 11241100x8000000000000000523652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ce12d82080dd872021-12-21 11:23:02.444root 11241100x8000000000000000523653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5f1285ece7507d2021-12-21 11:23:02.444root 11241100x8000000000000000523654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c5a3b8b27524c12021-12-21 11:23:02.943root 11241100x8000000000000000523655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2406a141053a9c72021-12-21 11:23:02.943root 11241100x8000000000000000523656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb304d8a4a5e42f2021-12-21 11:23:02.943root 11241100x8000000000000000523657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b1b3a35b9b359e2021-12-21 11:23:02.943root 11241100x8000000000000000523658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195a1be619f73a5b2021-12-21 11:23:02.943root 11241100x8000000000000000523659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac1b1530e5b36872021-12-21 11:23:02.943root 11241100x8000000000000000523660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f5bdd7f598ed912021-12-21 11:23:02.944root 11241100x8000000000000000523661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819e627e855eb9052021-12-21 11:23:02.944root 11241100x8000000000000000523662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91a6121fd89e08e2021-12-21 11:23:02.944root 11241100x8000000000000000523663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c9db17ece0297b2021-12-21 11:23:02.944root 11241100x8000000000000000523664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2a86b55d4dd6b62021-12-21 11:23:02.944root 11241100x8000000000000000523665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8a6b1654ba45c32021-12-21 11:23:03.443root 11241100x8000000000000000523666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3131548245b6162021-12-21 11:23:03.443root 11241100x8000000000000000523667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db2be00172f989b2021-12-21 11:23:03.443root 11241100x8000000000000000523668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13efcf6243be6f182021-12-21 11:23:03.443root 11241100x8000000000000000523669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b43440ce741e8872021-12-21 11:23:03.444root 11241100x8000000000000000523670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b25eeafe7403242021-12-21 11:23:03.444root 11241100x8000000000000000523671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fde132e4d6f92e2021-12-21 11:23:03.444root 11241100x8000000000000000523672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f13ebc6941a5f7c2021-12-21 11:23:03.444root 11241100x8000000000000000523673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e706011e3bc06f2021-12-21 11:23:03.444root 11241100x8000000000000000523674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabdc8e22e1279482021-12-21 11:23:03.444root 11241100x8000000000000000523675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5065cc44590562872021-12-21 11:23:03.444root 11241100x8000000000000000523676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c69ac6551cb464b2021-12-21 11:23:03.943root 11241100x8000000000000000523677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3e7c13dc3c0ef52021-12-21 11:23:03.943root 11241100x8000000000000000523678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe84eed00c27242021-12-21 11:23:03.943root 11241100x8000000000000000523679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2518fdd4d470b1b82021-12-21 11:23:03.943root 11241100x8000000000000000523680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4941b956e5a72272021-12-21 11:23:03.943root 11241100x8000000000000000523681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3a5812b0e94df52021-12-21 11:23:03.943root 11241100x8000000000000000523682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3253c6c3f48c57da2021-12-21 11:23:03.944root 11241100x8000000000000000523683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a87f948f3f39802021-12-21 11:23:03.944root 11241100x8000000000000000523684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164241f651aecce92021-12-21 11:23:03.944root 11241100x8000000000000000523685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f934e174068532ab2021-12-21 11:23:03.944root 11241100x8000000000000000523686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534892c28966e7c62021-12-21 11:23:03.944root 354300x8000000000000000523687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.069{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48460-false10.0.1.12-8000- 11241100x8000000000000000523688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26126a787c82c9062021-12-21 11:23:04.443root 11241100x8000000000000000523689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed02c9c5064c3b422021-12-21 11:23:04.443root 11241100x8000000000000000523690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610a723ba2573e972021-12-21 11:23:04.443root 11241100x8000000000000000523691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfbe333615686c2021-12-21 11:23:04.443root 11241100x8000000000000000523692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ba384ab2e4ae192021-12-21 11:23:04.443root 11241100x8000000000000000523693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a632e636e9f86d402021-12-21 11:23:04.443root 11241100x8000000000000000523694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977e1d1da874fcc02021-12-21 11:23:04.443root 11241100x8000000000000000523695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4004a1928a004e1a2021-12-21 11:23:04.444root 11241100x8000000000000000523696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d73fac51d452b592021-12-21 11:23:04.444root 11241100x8000000000000000523697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08332086ed144c52021-12-21 11:23:04.444root 11241100x8000000000000000523698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e21dc4ccafc27c2021-12-21 11:23:04.444root 11241100x8000000000000000523699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b68976487f6a6d82021-12-21 11:23:04.444root 11241100x8000000000000000523700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60d724ee6ed8acc2021-12-21 11:23:04.943root 11241100x8000000000000000523701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805edee97bcde0302021-12-21 11:23:04.943root 11241100x8000000000000000523702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b682d06104a57cf2021-12-21 11:23:04.943root 11241100x8000000000000000523703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ebcb14e10dca192021-12-21 11:23:04.944root 11241100x8000000000000000523704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ac8b23d23f2e4b2021-12-21 11:23:04.944root 11241100x8000000000000000523705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd66e461697d81112021-12-21 11:23:04.944root 11241100x8000000000000000523706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c2d07d15e7a8f2021-12-21 11:23:04.944root 11241100x8000000000000000523707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bc2155cd990ae52021-12-21 11:23:04.944root 11241100x8000000000000000523708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9824fd27a7a6229d2021-12-21 11:23:04.944root 11241100x8000000000000000523709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb7f5108641f802021-12-21 11:23:04.944root 11241100x8000000000000000523710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73da27b695ec8c1f2021-12-21 11:23:04.944root 11241100x8000000000000000523711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03cbf0ff2dde9692021-12-21 11:23:04.944root 11241100x8000000000000000523712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1176f6669a45d5032021-12-21 11:23:05.443root 11241100x8000000000000000523713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9919f50e4f0f4a102021-12-21 11:23:05.443root 11241100x8000000000000000523714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c27fee13ad6e42021-12-21 11:23:05.443root 11241100x8000000000000000523715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff42af9ef62658ce2021-12-21 11:23:05.443root 11241100x8000000000000000523716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfd9bfdfebb507c2021-12-21 11:23:05.443root 11241100x8000000000000000523717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19be46f9bc2f7c572021-12-21 11:23:05.443root 11241100x8000000000000000523718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c295e8bb2181bb2021-12-21 11:23:05.443root 11241100x8000000000000000523719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228a01a3ed55853c2021-12-21 11:23:05.443root 11241100x8000000000000000523720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad287639e53110912021-12-21 11:23:05.443root 11241100x8000000000000000523721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c23908f81e1cd292021-12-21 11:23:05.444root 11241100x8000000000000000523722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6a065d2763ba342021-12-21 11:23:05.444root 11241100x8000000000000000523723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd295ee80264ef152021-12-21 11:23:05.444root 11241100x8000000000000000523724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394125b4737c48112021-12-21 11:23:05.943root 11241100x8000000000000000523725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa4c730e36f1a742021-12-21 11:23:05.943root 11241100x8000000000000000523726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf122528a96fc02021-12-21 11:23:05.943root 11241100x8000000000000000523727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bad7cee767ece562021-12-21 11:23:05.943root 11241100x8000000000000000523728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdc53297fb52ccb2021-12-21 11:23:05.943root 11241100x8000000000000000523729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd34cb56d0a7900c2021-12-21 11:23:05.943root 11241100x8000000000000000523730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b239b2d73e581b72021-12-21 11:23:05.943root 11241100x8000000000000000523731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549a59eb2ce889b2021-12-21 11:23:05.943root 11241100x8000000000000000523732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3854b36066ffebdf2021-12-21 11:23:05.944root 11241100x8000000000000000523733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436444da670da0222021-12-21 11:23:05.944root 11241100x8000000000000000523734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b671656c4404e6dc2021-12-21 11:23:05.944root 11241100x8000000000000000523735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3f7247a5fef43c2021-12-21 11:23:05.944root 11241100x8000000000000000523736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:23:06.329root 11241100x8000000000000000523737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9792728eb825a40e2021-12-21 11:23:06.330root 11241100x8000000000000000523738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbabccc8627bf6e2021-12-21 11:23:06.330root 11241100x8000000000000000523739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba89fe92bcdd22652021-12-21 11:23:06.330root 11241100x8000000000000000523740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede27cad45fceebf2021-12-21 11:23:06.330root 11241100x8000000000000000523741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46355f5aab63223c2021-12-21 11:23:06.330root 11241100x8000000000000000523742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311e5f9573c4d26d2021-12-21 11:23:06.330root 11241100x8000000000000000523743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474cdc393e1010d82021-12-21 11:23:06.330root 11241100x8000000000000000523744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aace89b84b3d51db2021-12-21 11:23:06.331root 11241100x8000000000000000523745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efae758c20b12962021-12-21 11:23:06.331root 11241100x8000000000000000523746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a83ed6246e3f8a2021-12-21 11:23:06.331root 11241100x8000000000000000523747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b50e5d81213cee82021-12-21 11:23:06.331root 11241100x8000000000000000523748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00e78aa6be7547c2021-12-21 11:23:06.331root 11241100x8000000000000000523749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e518b218e1f9f4b32021-12-21 11:23:06.331root 11241100x8000000000000000523750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3c8b99f68ecfa22021-12-21 11:23:06.692root 11241100x8000000000000000523751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609e9f97d706197a2021-12-21 11:23:06.693root 11241100x8000000000000000523752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b416d32482707f22021-12-21 11:23:06.693root 11241100x8000000000000000523753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a4900c2faac9912021-12-21 11:23:06.693root 11241100x8000000000000000523754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4e3a98f8e163d62021-12-21 11:23:06.694root 11241100x8000000000000000523755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed66982da439e752021-12-21 11:23:06.694root 11241100x8000000000000000523756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d8ee733026cefe2021-12-21 11:23:06.694root 11241100x8000000000000000523757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f050aa017beedd092021-12-21 11:23:06.694root 11241100x8000000000000000523758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae2373299c768482021-12-21 11:23:06.694root 11241100x8000000000000000523759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eae053bd707f3012021-12-21 11:23:06.694root 11241100x8000000000000000523760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58acd518b3fcdba2021-12-21 11:23:06.694root 11241100x8000000000000000523761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d57d1725d302a82021-12-21 11:23:06.694root 11241100x8000000000000000523762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a8cb4298cc83f32021-12-21 11:23:06.694root 11241100x8000000000000000523763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958143bb999c90b32021-12-21 11:23:07.193root 11241100x8000000000000000523764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a4933ee99504ce2021-12-21 11:23:07.193root 11241100x8000000000000000523765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48559da46572decc2021-12-21 11:23:07.193root 11241100x8000000000000000523766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676cc3b9a57147f12021-12-21 11:23:07.193root 11241100x8000000000000000523767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b06773cf601cc912021-12-21 11:23:07.193root 11241100x8000000000000000523768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628c3760de24a0112021-12-21 11:23:07.193root 11241100x8000000000000000523769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ac0f3614a3b0e22021-12-21 11:23:07.193root 11241100x8000000000000000523770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0525489cf362612021-12-21 11:23:07.194root 11241100x8000000000000000523771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a9f95c25101152021-12-21 11:23:07.194root 11241100x8000000000000000523772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471cbae42cd1b5f2021-12-21 11:23:07.194root 11241100x8000000000000000523773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d837aaaf6ae5e8882021-12-21 11:23:07.194root 11241100x8000000000000000523774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c972aed361b4f252021-12-21 11:23:07.194root 11241100x8000000000000000523775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2746517b74eaeb2021-12-21 11:23:07.194root 11241100x8000000000000000523776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62229b07f77cb652021-12-21 11:23:07.693root 11241100x8000000000000000523777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af13511a083a9742021-12-21 11:23:07.693root 11241100x8000000000000000523778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94c74b3b267ef612021-12-21 11:23:07.693root 11241100x8000000000000000523779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b27ecc06ce60d712021-12-21 11:23:07.693root 11241100x8000000000000000523780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4b48da296b39a72021-12-21 11:23:07.693root 11241100x8000000000000000523781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100c5bbe983a09492021-12-21 11:23:07.693root 11241100x8000000000000000523782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf57f1a2c5f426722021-12-21 11:23:07.693root 11241100x8000000000000000523783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41de7b85ba4c78bb2021-12-21 11:23:07.693root 11241100x8000000000000000523784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a5c9778ee7f4752021-12-21 11:23:07.694root 11241100x8000000000000000523785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614276caec1631d12021-12-21 11:23:07.694root 11241100x8000000000000000523786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcdaf45c73077a42021-12-21 11:23:07.694root 11241100x8000000000000000523787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d199563f7659f2d2021-12-21 11:23:07.694root 11241100x8000000000000000523788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61780076e8b823c2021-12-21 11:23:07.694root 11241100x8000000000000000523789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fdd2da550e5b592021-12-21 11:23:08.193root 11241100x8000000000000000523790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bd175b2b1421ec2021-12-21 11:23:08.193root 11241100x8000000000000000523791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94563fcc8e39c982021-12-21 11:23:08.193root 11241100x8000000000000000523792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa668ef7fec5d1062021-12-21 11:23:08.193root 11241100x8000000000000000523793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a2786fb34cfe382021-12-21 11:23:08.193root 11241100x8000000000000000523794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd5378da55f86532021-12-21 11:23:08.194root 11241100x8000000000000000523795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd0298739201c632021-12-21 11:23:08.194root 11241100x8000000000000000523796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ff5c362da3d9492021-12-21 11:23:08.194root 11241100x8000000000000000523797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e15a5df491d8082021-12-21 11:23:08.194root 11241100x8000000000000000523798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444ec945b62469412021-12-21 11:23:08.194root 11241100x8000000000000000523799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604717244706d6392021-12-21 11:23:08.194root 11241100x8000000000000000523800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d57164e1196c1572021-12-21 11:23:08.194root 11241100x8000000000000000523801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d63a2822f8022852021-12-21 11:23:08.194root 11241100x8000000000000000523802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae9419bf3900ca92021-12-21 11:23:08.693root 11241100x8000000000000000523803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136b2ebb107b64b92021-12-21 11:23:08.693root 11241100x8000000000000000523804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac439292bf645082021-12-21 11:23:08.693root 11241100x8000000000000000523805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d675f28985b9db02021-12-21 11:23:08.693root 11241100x8000000000000000523806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab74fac3344d77c82021-12-21 11:23:08.693root 11241100x8000000000000000523807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c1f819a31bec0b2021-12-21 11:23:08.693root 11241100x8000000000000000523808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f19f031c3fa7bc2021-12-21 11:23:08.694root 11241100x8000000000000000523809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a7d09ad7a53812021-12-21 11:23:08.694root 11241100x8000000000000000523810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72da7f741dc619a32021-12-21 11:23:08.694root 11241100x8000000000000000523811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0fa6878a5456502021-12-21 11:23:08.694root 11241100x8000000000000000523812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824be3f9352e2142021-12-21 11:23:08.694root 11241100x8000000000000000523813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8102819b5000ef82021-12-21 11:23:08.694root 11241100x8000000000000000523814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91bbc37407174762021-12-21 11:23:08.694root 354300x8000000000000000523815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.131{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48462-false10.0.1.12-8000- 11241100x8000000000000000523816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071b833ebb657422021-12-21 11:23:09.133root 11241100x8000000000000000523817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a36f6c34f1908d52021-12-21 11:23:09.133root 11241100x8000000000000000523818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07238b7cdf66e8cf2021-12-21 11:23:09.133root 11241100x8000000000000000523819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5571fed489417762021-12-21 11:23:09.133root 11241100x8000000000000000523820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c215ae40f869ae2021-12-21 11:23:09.133root 11241100x8000000000000000523821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da576f27a35b0a72021-12-21 11:23:09.133root 11241100x8000000000000000523822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7af6c2cef2cf9d02021-12-21 11:23:09.133root 11241100x8000000000000000523823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a3c9cf559f963d2021-12-21 11:23:09.134root 11241100x8000000000000000523824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ae01deb66e501e2021-12-21 11:23:09.134root 11241100x8000000000000000523825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6ed62458b81e7a2021-12-21 11:23:09.134root 11241100x8000000000000000523826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be49a7e87b907492021-12-21 11:23:09.134root 11241100x8000000000000000523827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83dc287af7e79272021-12-21 11:23:09.134root 11241100x8000000000000000523828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f67f744f6714e392021-12-21 11:23:09.134root 11241100x8000000000000000523829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26632b70e6022b02021-12-21 11:23:09.134root 23542300x8000000000000000523830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.332{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000523831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8674df153834b5962021-12-21 11:23:09.443root 11241100x8000000000000000523832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05044114056dc7062021-12-21 11:23:09.443root 11241100x8000000000000000523833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c10e14bb1f42eb2021-12-21 11:23:09.443root 11241100x8000000000000000523834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ff836b42b7f5052021-12-21 11:23:09.443root 11241100x8000000000000000523835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2500d6bcc04d762021-12-21 11:23:09.443root 11241100x8000000000000000523836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0831be16d0f9742021-12-21 11:23:09.443root 11241100x8000000000000000523837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2218bdf1291127442021-12-21 11:23:09.443root 11241100x8000000000000000523838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb49ba89471071b2021-12-21 11:23:09.443root 11241100x8000000000000000523839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8e1a738623e6a12021-12-21 11:23:09.444root 11241100x8000000000000000523840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cccbbccc21ba022021-12-21 11:23:09.444root 11241100x8000000000000000523841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62060dfd3053eb42021-12-21 11:23:09.444root 11241100x8000000000000000523842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870b8564fe6d62e52021-12-21 11:23:09.444root 11241100x8000000000000000523843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeac68d26ea1d5d62021-12-21 11:23:09.444root 11241100x8000000000000000523844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfd315f5e6925ed2021-12-21 11:23:09.444root 11241100x8000000000000000523845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856aa4b79b108f4e2021-12-21 11:23:09.444root 11241100x8000000000000000523846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebbfe3e73f96fc62021-12-21 11:23:09.943root 11241100x8000000000000000523847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f31c6c6672bfd12021-12-21 11:23:09.943root 11241100x8000000000000000523848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd312baa461a26322021-12-21 11:23:09.943root 11241100x8000000000000000523849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8542bbb0fee5bd6e2021-12-21 11:23:09.943root 11241100x8000000000000000523850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79930093460b6822021-12-21 11:23:09.943root 11241100x8000000000000000523851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7f7f606201a8d02021-12-21 11:23:09.944root 11241100x8000000000000000523852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11360a2839099dc22021-12-21 11:23:09.944root 11241100x8000000000000000523853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec7db14d5c416d92021-12-21 11:23:09.944root 11241100x8000000000000000523854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb3cca5fbb794a2021-12-21 11:23:09.944root 11241100x8000000000000000523855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd278251fdf57e62021-12-21 11:23:09.944root 11241100x8000000000000000523856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1879e8c2c7e7bdd2021-12-21 11:23:09.944root 11241100x8000000000000000523857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d019370e1822e02021-12-21 11:23:09.944root 11241100x8000000000000000523858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfe4e5ce5d558e62021-12-21 11:23:09.944root 11241100x8000000000000000523859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99582fd83399dd782021-12-21 11:23:09.944root 11241100x8000000000000000523860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaf4b84cc274b972021-12-21 11:23:09.944root 11241100x8000000000000000523861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3d7e527b9f73952021-12-21 11:23:10.443root 11241100x8000000000000000523862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff4db602b0abee92021-12-21 11:23:10.443root 11241100x8000000000000000523863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513708ae770a903c2021-12-21 11:23:10.443root 11241100x8000000000000000523864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f341883908d2f2021-12-21 11:23:10.443root 11241100x8000000000000000523865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e928bb8d9d5911c02021-12-21 11:23:10.443root 11241100x8000000000000000523866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a58d8a762bf847e2021-12-21 11:23:10.443root 11241100x8000000000000000523867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895836412f88cb082021-12-21 11:23:10.443root 11241100x8000000000000000523868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86906c3efdde86672021-12-21 11:23:10.444root 11241100x8000000000000000523869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8be35790c7011f2021-12-21 11:23:10.444root 11241100x8000000000000000523870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4aeafc980ddcc52021-12-21 11:23:10.444root 11241100x8000000000000000523871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed4670e3b8046b72021-12-21 11:23:10.444root 11241100x8000000000000000523872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ee7f61ecb2c9402021-12-21 11:23:10.444root 11241100x8000000000000000523873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7680e2c529f07992021-12-21 11:23:10.444root 11241100x8000000000000000523874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d6b308aa6363f22021-12-21 11:23:10.444root 11241100x8000000000000000523875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71565668bea459a72021-12-21 11:23:10.444root 11241100x8000000000000000523876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1153ead9958a0a2021-12-21 11:23:10.444root 11241100x8000000000000000523877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fa2977e02f36662021-12-21 11:23:10.445root 11241100x8000000000000000523878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb385b72685ffc12021-12-21 11:23:10.445root 11241100x8000000000000000523879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e86b3d7c2b5122021-12-21 11:23:10.445root 11241100x8000000000000000523880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c366191bd944d42021-12-21 11:23:10.445root 11241100x8000000000000000523881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4f971f7032d3302021-12-21 11:23:10.445root 11241100x8000000000000000523882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa7ab39a08eaaf2021-12-21 11:23:10.445root 11241100x8000000000000000523883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea691b2517968d102021-12-21 11:23:10.943root 11241100x8000000000000000523884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d87bba7cecbefd2021-12-21 11:23:10.943root 11241100x8000000000000000523885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab913824d401cba2021-12-21 11:23:10.944root 11241100x8000000000000000523886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b0e9d2c47576972021-12-21 11:23:10.944root 11241100x8000000000000000523887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3a2fa8ed1afdc92021-12-21 11:23:10.944root 11241100x8000000000000000523888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f5547d50cbf4632021-12-21 11:23:10.944root 11241100x8000000000000000523889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad684573b3ebd0a2021-12-21 11:23:10.944root 11241100x8000000000000000523890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d8d0b7830c4d862021-12-21 11:23:10.945root 11241100x8000000000000000523891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831d71933f5a62402021-12-21 11:23:10.945root 11241100x8000000000000000523892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b0f31e9d7d1b82021-12-21 11:23:10.945root 11241100x8000000000000000523893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c85b7815428cfd2021-12-21 11:23:10.945root 11241100x8000000000000000523894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190a5b152c84c8362021-12-21 11:23:10.945root 11241100x8000000000000000523895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753517e9f41344202021-12-21 11:23:10.945root 11241100x8000000000000000523896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a1c3f245092daf2021-12-21 11:23:10.946root 11241100x8000000000000000523897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e4bc6b6298a0f32021-12-21 11:23:10.946root 11241100x8000000000000000523898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58a135e5a9e20a62021-12-21 11:23:11.443root 11241100x8000000000000000523899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6aad4b9000f3432021-12-21 11:23:11.444root 11241100x8000000000000000523900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a378fdb30dbfe792021-12-21 11:23:11.444root 11241100x8000000000000000523901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37caa26759a588102021-12-21 11:23:11.444root 11241100x8000000000000000523902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a26691f0cc13e2021-12-21 11:23:11.444root 11241100x8000000000000000523903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f694dba2da62272021-12-21 11:23:11.444root 11241100x8000000000000000523904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50d8ace4082d7de2021-12-21 11:23:11.444root 11241100x8000000000000000523905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b934cd2b7f384c72021-12-21 11:23:11.444root 11241100x8000000000000000523906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274e93550c6f1b3e2021-12-21 11:23:11.444root 11241100x8000000000000000523907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8782b3d213afb4b2021-12-21 11:23:11.444root 11241100x8000000000000000523908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a8805f0cd13f52021-12-21 11:23:11.445root 11241100x8000000000000000523909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b53f6d837ea0d72021-12-21 11:23:11.445root 11241100x8000000000000000523910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eada77f4d2c5c91f2021-12-21 11:23:11.445root 11241100x8000000000000000523911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c00f8955e4cfe092021-12-21 11:23:11.445root 11241100x8000000000000000523912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9df5706a94dccf2021-12-21 11:23:11.445root 154100x8000000000000000523913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.848{ec2b6afe-b91f-61c1-68d4-cb46dc550000}9860/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000523914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.850{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86311db3bea0de832021-12-21 11:23:11.850root 11241100x8000000000000000523915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a5d9e4e3e8ab772021-12-21 11:23:11.851root 11241100x8000000000000000523916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fc796365bf0a7f2021-12-21 11:23:11.851root 11241100x8000000000000000523917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058d4471d9968cb02021-12-21 11:23:11.851root 11241100x8000000000000000523918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da64f3d56c27a78f2021-12-21 11:23:11.851root 11241100x8000000000000000523919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e4a3e2a30c91d2021-12-21 11:23:11.851root 11241100x8000000000000000523920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3ad448a54b0c342021-12-21 11:23:11.851root 11241100x8000000000000000523921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95cb3617ad5905d2021-12-21 11:23:11.851root 11241100x8000000000000000523922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42662743c791ea02021-12-21 11:23:11.852root 11241100x8000000000000000523923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018a542790cd502a2021-12-21 11:23:11.852root 11241100x8000000000000000523924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa03e9fb9c453582021-12-21 11:23:11.852root 11241100x8000000000000000523925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb18b468b1047b02021-12-21 11:23:11.852root 11241100x8000000000000000523926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507fa5fa4eec394a2021-12-21 11:23:11.852root 11241100x8000000000000000523927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2c0340fb21d6022021-12-21 11:23:11.852root 11241100x8000000000000000523928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.853{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd5a87b7ae6707f2021-12-21 11:23:11.853root 11241100x8000000000000000523929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.853{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b793d87d56d05942021-12-21 11:23:11.853root 534500x8000000000000000523930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.859{ec2b6afe-b91f-61c1-68d4-cb46dc550000}9860/bin/psroot 11241100x8000000000000000523931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1322379b58a69c552021-12-21 11:23:12.193root 11241100x8000000000000000523932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c46119aaf8447b2021-12-21 11:23:12.193root 11241100x8000000000000000523933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7cde36d8f46a832021-12-21 11:23:12.194root 11241100x8000000000000000523934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bdef56d4b009802021-12-21 11:23:12.194root 11241100x8000000000000000523935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c0a4537b4b408a2021-12-21 11:23:12.194root 11241100x8000000000000000523936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e470811d0a40032021-12-21 11:23:12.194root 11241100x8000000000000000523937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46564a4b68f6f0ee2021-12-21 11:23:12.194root 11241100x8000000000000000523938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffac38bd2dd503b52021-12-21 11:23:12.195root 11241100x8000000000000000523939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072a2a0fad1663ca2021-12-21 11:23:12.195root 11241100x8000000000000000523940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3799b851cd8ac8182021-12-21 11:23:12.195root 11241100x8000000000000000523941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eba16d803b7d3f42021-12-21 11:23:12.195root 11241100x8000000000000000523942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d457be70797b5cb2021-12-21 11:23:12.195root 11241100x8000000000000000523943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68023d3cac251d9e2021-12-21 11:23:12.195root 11241100x8000000000000000523944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23225eaf2d568ada2021-12-21 11:23:12.195root 11241100x8000000000000000523945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c58fdf0b9aff6f22021-12-21 11:23:12.195root 11241100x8000000000000000523946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5f369964244de2021-12-21 11:23:12.196root 11241100x8000000000000000523947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922990df4081ad8f2021-12-21 11:23:12.196root 11241100x8000000000000000523948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3475dfc5b94e5c2021-12-21 11:23:12.693root 11241100x8000000000000000523949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc044c1a0a6c2a92021-12-21 11:23:12.693root 11241100x8000000000000000523950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bcb4a106e431902021-12-21 11:23:12.693root 11241100x8000000000000000523951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e713aa8ac7600632021-12-21 11:23:12.693root 11241100x8000000000000000523952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353ddd1b1998fa542021-12-21 11:23:12.693root 11241100x8000000000000000523953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658190487a28117b2021-12-21 11:23:12.694root 11241100x8000000000000000523954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090906b39e1211c12021-12-21 11:23:12.694root 11241100x8000000000000000523955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9dfdfeeb16e2a2021-12-21 11:23:12.694root 11241100x8000000000000000523956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e491bcc9eac77aeb2021-12-21 11:23:12.694root 11241100x8000000000000000523957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fb899e5754905e2021-12-21 11:23:12.694root 11241100x8000000000000000523958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b87627ccd80ace2021-12-21 11:23:12.694root 11241100x8000000000000000523959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fa0f408a5f08c42021-12-21 11:23:12.694root 11241100x8000000000000000523960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c909a1a570ddcc2021-12-21 11:23:12.694root 11241100x8000000000000000523961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5695dc5c3284972021-12-21 11:23:12.694root 11241100x8000000000000000523962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3396a3a84908a7be2021-12-21 11:23:12.694root 11241100x8000000000000000523963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48f953308607fb62021-12-21 11:23:12.694root 11241100x8000000000000000523964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007c9c804fc80bb52021-12-21 11:23:12.695root 11241100x8000000000000000523965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01389c3858ab56272021-12-21 11:23:13.193root 11241100x8000000000000000523966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb37580f9e757b12021-12-21 11:23:13.193root 11241100x8000000000000000523967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91330a7548ce6e82021-12-21 11:23:13.193root 11241100x8000000000000000523968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a74c9e4e94a2cf2021-12-21 11:23:13.193root 11241100x8000000000000000523969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6effc1a7651f612021-12-21 11:23:13.193root 11241100x8000000000000000523970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42bbb26b54d3be42021-12-21 11:23:13.194root 11241100x8000000000000000523971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9201df73ffecb4ac2021-12-21 11:23:13.194root 11241100x8000000000000000523972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c99090738edfd112021-12-21 11:23:13.194root 11241100x8000000000000000523973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966c9fc450c2938b2021-12-21 11:23:13.194root 11241100x8000000000000000523974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f376ae9f57b7d2a2021-12-21 11:23:13.194root 11241100x8000000000000000523975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a127992914ee74022021-12-21 11:23:13.194root 11241100x8000000000000000523976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94064a26a1f8c3b2021-12-21 11:23:13.195root 11241100x8000000000000000523977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16251404512438ca2021-12-21 11:23:13.195root 11241100x8000000000000000523978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be6c379ee5f4c1d2021-12-21 11:23:13.195root 11241100x8000000000000000523979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7699fe48f9e3fa5a2021-12-21 11:23:13.195root 11241100x8000000000000000523980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1446787f2468bdea2021-12-21 11:23:13.195root 11241100x8000000000000000523981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04db81a0764b50d2021-12-21 11:23:13.195root 11241100x8000000000000000523982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce20b848300b1e52021-12-21 11:23:13.196root 11241100x8000000000000000523983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6315d583a1cec5032021-12-21 11:23:13.196root 11241100x8000000000000000523984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc0a7b2f842c44a2021-12-21 11:23:13.196root 11241100x8000000000000000523985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1306b9e2b17e77a52021-12-21 11:23:13.693root 11241100x8000000000000000523986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419148db12ea8f3f2021-12-21 11:23:13.693root 11241100x8000000000000000523987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0b9f847745d5892021-12-21 11:23:13.693root 11241100x8000000000000000523988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40db131982ffa0ea2021-12-21 11:23:13.693root 11241100x8000000000000000523989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5f899d0b8187eb2021-12-21 11:23:13.693root 11241100x8000000000000000523990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18471c5abb90fd12021-12-21 11:23:13.693root 11241100x8000000000000000523991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68df829f1a8770902021-12-21 11:23:13.694root 11241100x8000000000000000523992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6015507ad65ac9c2021-12-21 11:23:13.694root 11241100x8000000000000000523993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf00ebd5058c1992021-12-21 11:23:13.694root 11241100x8000000000000000523994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dfbe812d0551f42021-12-21 11:23:13.694root 11241100x8000000000000000523995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cc990c37ec13b12021-12-21 11:23:13.694root 11241100x8000000000000000523996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab25d62901132702021-12-21 11:23:13.694root 11241100x8000000000000000523997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55675f009be5f092021-12-21 11:23:13.694root 11241100x8000000000000000523998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cacd9cb1e40f70b2021-12-21 11:23:13.694root 11241100x8000000000000000523999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20e48978da55f302021-12-21 11:23:13.694root 11241100x8000000000000000524000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5561413bfa14d4552021-12-21 11:23:13.694root 11241100x8000000000000000524001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641c0e4dd7cdcc642021-12-21 11:23:13.694root 11241100x8000000000000000524002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f6ef11d0f0b80d2021-12-21 11:23:14.193root 11241100x8000000000000000524003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9459e66b22e90572021-12-21 11:23:14.193root 11241100x8000000000000000524004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d761f6583df2c802021-12-21 11:23:14.193root 11241100x8000000000000000524005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8f6a3958fd9e202021-12-21 11:23:14.193root 11241100x8000000000000000524006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d119a96fd86c5e2021-12-21 11:23:14.194root 11241100x8000000000000000524007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e500a899d178f642021-12-21 11:23:14.194root 11241100x8000000000000000524008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd155b8e26dc0fdf2021-12-21 11:23:14.194root 11241100x8000000000000000524009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a9079fc996126e2021-12-21 11:23:14.194root 11241100x8000000000000000524010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1936eacedc6e0902021-12-21 11:23:14.194root 11241100x8000000000000000524011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa53b358a24a892021-12-21 11:23:14.194root 11241100x8000000000000000524012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59f3ab400e2b8832021-12-21 11:23:14.194root 11241100x8000000000000000524013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95e862b62780e1b2021-12-21 11:23:14.194root 11241100x8000000000000000524014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43d3c6c6a4ce5f92021-12-21 11:23:14.195root 11241100x8000000000000000524015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ebdbd06fb7b6c12021-12-21 11:23:14.195root 11241100x8000000000000000524016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688c4de92ab000ae2021-12-21 11:23:14.195root 11241100x8000000000000000524017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b834d148060af76c2021-12-21 11:23:14.195root 11241100x8000000000000000524018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98b50e99f37b112021-12-21 11:23:14.195root 11241100x8000000000000000524019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c153bf522710a712021-12-21 11:23:14.693root 11241100x8000000000000000524020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d349937523fd4e9b2021-12-21 11:23:14.693root 11241100x8000000000000000524021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75200a836a24cf442021-12-21 11:23:14.693root 11241100x8000000000000000524022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2887da744d3bbf822021-12-21 11:23:14.693root 11241100x8000000000000000524023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439ec5cbb9d01ac72021-12-21 11:23:14.694root 11241100x8000000000000000524024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c89720c37bf9452021-12-21 11:23:14.694root 11241100x8000000000000000524025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a851a704f1a607382021-12-21 11:23:14.694root 11241100x8000000000000000524026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ea474a862b9e42021-12-21 11:23:14.694root 11241100x8000000000000000524027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcef662c836e12d2021-12-21 11:23:14.694root 11241100x8000000000000000524028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266f51339326e66b2021-12-21 11:23:14.694root 11241100x8000000000000000524029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4cacbaadcddaff2021-12-21 11:23:14.694root 11241100x8000000000000000524030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa100eb4dd2c3c72021-12-21 11:23:14.694root 11241100x8000000000000000524031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda3c5d6dcfc810b2021-12-21 11:23:14.694root 11241100x8000000000000000524032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ca86d1a2b5f222021-12-21 11:23:14.694root 11241100x8000000000000000524033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665c694ece331e22021-12-21 11:23:14.694root 11241100x8000000000000000524034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ac4a634a592cda2021-12-21 11:23:14.695root 11241100x8000000000000000524035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7da27b9ab1804102021-12-21 11:23:14.695root 354300x8000000000000000524036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.021{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48464-false10.0.1.12-8000- 11241100x8000000000000000524037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bf2bc96f7191ed2021-12-21 11:23:15.021root 11241100x8000000000000000524038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071014c445fa8e812021-12-21 11:23:15.022root 11241100x8000000000000000524039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696313a2b69fb4bc2021-12-21 11:23:15.022root 11241100x8000000000000000524040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c7f8b9f00512e62021-12-21 11:23:15.022root 11241100x8000000000000000524041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2158e7f56c4d862021-12-21 11:23:15.022root 11241100x8000000000000000524042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc1c5903f8b27392021-12-21 11:23:15.022root 11241100x8000000000000000524043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee19bbfc8a2714a52021-12-21 11:23:15.022root 11241100x8000000000000000524044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9ff3100fc701452021-12-21 11:23:15.023root 11241100x8000000000000000524045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a8ba1eb88e553c2021-12-21 11:23:15.023root 11241100x8000000000000000524046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a44d15a69f745c2021-12-21 11:23:15.023root 11241100x8000000000000000524047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e3b6e265559f452021-12-21 11:23:15.023root 11241100x8000000000000000524048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467f08b47ba4831b2021-12-21 11:23:15.023root 11241100x8000000000000000524049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c1fa75e84051392021-12-21 11:23:15.024root 11241100x8000000000000000524050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109f56c7854406912021-12-21 11:23:15.024root 11241100x8000000000000000524051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d12ea355e85a7c92021-12-21 11:23:15.024root 11241100x8000000000000000524052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74482453bc9abb02021-12-21 11:23:15.024root 11241100x8000000000000000524053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438b8c06c3f6fc5a2021-12-21 11:23:15.024root 11241100x8000000000000000524054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd512e48531ef0d2021-12-21 11:23:15.024root 11241100x8000000000000000524055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb898fbc39430ac2021-12-21 11:23:15.025root 11241100x8000000000000000524056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a8cb9aedd321022021-12-21 11:23:15.025root 11241100x8000000000000000524057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c54c96e729a27b2021-12-21 11:23:15.025root 11241100x8000000000000000524058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61ae622550890192021-12-21 11:23:15.025root 11241100x8000000000000000524059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f0a98e1b491f742021-12-21 11:23:15.025root 11241100x8000000000000000524060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8de2e8ef62c4bc42021-12-21 11:23:15.025root 11241100x8000000000000000524061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807c1d230cc5e6d82021-12-21 11:23:15.025root 11241100x8000000000000000524062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb878512ef16aa602021-12-21 11:23:15.443root 11241100x8000000000000000524063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047f857df379542d2021-12-21 11:23:15.443root 11241100x8000000000000000524064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b5614527b0f4f82021-12-21 11:23:15.444root 11241100x8000000000000000524065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccde6ef1608d13282021-12-21 11:23:15.444root 11241100x8000000000000000524066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87cc745f1f625d42021-12-21 11:23:15.444root 11241100x8000000000000000524067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1240518c2b56a6052021-12-21 11:23:15.444root 11241100x8000000000000000524068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d41f59a9b8a947b2021-12-21 11:23:15.444root 11241100x8000000000000000524069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f8b529d1210f082021-12-21 11:23:15.444root 11241100x8000000000000000524070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448acc19494ebef42021-12-21 11:23:15.444root 11241100x8000000000000000524071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb05f456f4819522021-12-21 11:23:15.444root 11241100x8000000000000000524072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27479ecbc6a77aa52021-12-21 11:23:15.444root 11241100x8000000000000000524073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b475d8118bb1452021-12-21 11:23:15.444root 11241100x8000000000000000524074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b010a0712a86900b2021-12-21 11:23:15.445root 11241100x8000000000000000524075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082fe78ea2e43572021-12-21 11:23:15.445root 11241100x8000000000000000524076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e9901eef155c632021-12-21 11:23:15.445root 11241100x8000000000000000524077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ce4819468136072021-12-21 11:23:15.445root 11241100x8000000000000000524078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94c1cbd3e81d6d72021-12-21 11:23:15.445root 11241100x8000000000000000524079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba957a90dd4c60e2021-12-21 11:23:15.445root 11241100x8000000000000000524080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd319d4b0c799ac82021-12-21 11:23:15.942root 11241100x8000000000000000524081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f22f6247ef69242021-12-21 11:23:15.943root 11241100x8000000000000000524082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e712d9288c11bf5a2021-12-21 11:23:15.943root 11241100x8000000000000000524083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ead9612b002cdd72021-12-21 11:23:15.943root 11241100x8000000000000000524084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647d72afa50b6c982021-12-21 11:23:15.943root 11241100x8000000000000000524085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e49c69fe78a46f2021-12-21 11:23:15.943root 11241100x8000000000000000524086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0c7c2c0263343e2021-12-21 11:23:15.943root 11241100x8000000000000000524087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ec396011761c552021-12-21 11:23:15.943root 11241100x8000000000000000524088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652544ff2e543d3e2021-12-21 11:23:15.943root 11241100x8000000000000000524089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19596925e2b9e3182021-12-21 11:23:15.943root 11241100x8000000000000000524090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4deadb1bcccf0d402021-12-21 11:23:15.944root 11241100x8000000000000000524091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ced410ae58950482021-12-21 11:23:15.944root 11241100x8000000000000000524092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432abb1207eeec852021-12-21 11:23:15.944root 11241100x8000000000000000524093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbed1a726f2b99a2021-12-21 11:23:15.944root 11241100x8000000000000000524094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7a482ab0f5f58d2021-12-21 11:23:15.944root 11241100x8000000000000000524095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b110628df52f7a62021-12-21 11:23:15.944root 11241100x8000000000000000524096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2264c54ffc2919ea2021-12-21 11:23:15.944root 11241100x8000000000000000524097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5683b008cf76692a2021-12-21 11:23:15.944root 11241100x8000000000000000524098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa731e0a1197c512021-12-21 11:23:16.443root 11241100x8000000000000000524099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cacc57f1afc17d2021-12-21 11:23:16.443root 11241100x8000000000000000524100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04965f20b9ceb16c2021-12-21 11:23:16.443root 11241100x8000000000000000524101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03317a1c4ea049d52021-12-21 11:23:16.443root 11241100x8000000000000000524102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe17a1ce2ec88b22021-12-21 11:23:16.443root 11241100x8000000000000000524103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd5cc3f885476072021-12-21 11:23:16.443root 11241100x8000000000000000524104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac43b23db7ef5842021-12-21 11:23:16.443root 11241100x8000000000000000524105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6db3c55cc3c7bd2021-12-21 11:23:16.443root 11241100x8000000000000000524106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0dabdc654675372021-12-21 11:23:16.443root 11241100x8000000000000000524107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5f7655b6430b672021-12-21 11:23:16.444root 11241100x8000000000000000524108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b66cf631c168dde2021-12-21 11:23:16.444root 11241100x8000000000000000524109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c193a65952f0c42021-12-21 11:23:16.444root 11241100x8000000000000000524110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815a03677a8132192021-12-21 11:23:16.444root 11241100x8000000000000000524111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170775ba77c551d22021-12-21 11:23:16.444root 11241100x8000000000000000524112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f88d7fc374aa6b2021-12-21 11:23:16.444root 11241100x8000000000000000524113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e632a8b6e41ebc2021-12-21 11:23:16.444root 11241100x8000000000000000524114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a18ce45573e014a2021-12-21 11:23:16.444root 11241100x8000000000000000524115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c08b6da1bef04182021-12-21 11:23:16.444root 11241100x8000000000000000524116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b020df3fc5363b22021-12-21 11:23:16.943root 11241100x8000000000000000524117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21c94d86cba2dd62021-12-21 11:23:16.943root 11241100x8000000000000000524118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3ae8e8a51d98752021-12-21 11:23:16.944root 11241100x8000000000000000524119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8202d9a0cadcb3622021-12-21 11:23:16.944root 11241100x8000000000000000524120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a8c290da72decf2021-12-21 11:23:16.944root 11241100x8000000000000000524121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd9496b9de8ccd72021-12-21 11:23:16.944root 11241100x8000000000000000524122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48b88b07d7b0a582021-12-21 11:23:16.944root 11241100x8000000000000000524123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1f1027a3b971c72021-12-21 11:23:16.944root 11241100x8000000000000000524124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01aeaf2d2389dbb2021-12-21 11:23:16.944root 11241100x8000000000000000524125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59a61c67c4503502021-12-21 11:23:16.944root 11241100x8000000000000000524126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8641a5a0293e22021-12-21 11:23:16.944root 11241100x8000000000000000524127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd203a2fbb823dd22021-12-21 11:23:16.944root 11241100x8000000000000000524128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07b2c4b441e0e882021-12-21 11:23:16.944root 11241100x8000000000000000524129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d737ee7a6c1c2272021-12-21 11:23:16.945root 11241100x8000000000000000524130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6112ba3f9a84cb9b2021-12-21 11:23:16.945root 11241100x8000000000000000524131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e5256266aa2342021-12-21 11:23:16.945root 11241100x8000000000000000524132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d3e1896a3269602021-12-21 11:23:16.945root 11241100x8000000000000000524133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf7014d8d6590b92021-12-21 11:23:16.945root 11241100x8000000000000000524134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ee69d708a337f92021-12-21 11:23:17.443root 11241100x8000000000000000524135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167d5ae1e025c1cb2021-12-21 11:23:17.443root 11241100x8000000000000000524136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e34cd3f8d5b0ee2021-12-21 11:23:17.443root 11241100x8000000000000000524137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37f9032736a411b2021-12-21 11:23:17.444root 11241100x8000000000000000524138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da48635c9db409d2021-12-21 11:23:17.444root 11241100x8000000000000000524139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c01524707f6033a2021-12-21 11:23:17.444root 11241100x8000000000000000524140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1770e58f1a5e12112021-12-21 11:23:17.444root 11241100x8000000000000000524141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4877c8c8d3a433322021-12-21 11:23:17.444root 11241100x8000000000000000524142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc364f7b37cd2d672021-12-21 11:23:17.444root 11241100x8000000000000000524143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30442d0690105612021-12-21 11:23:17.444root 11241100x8000000000000000524144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b54f90b224b4f622021-12-21 11:23:17.444root 11241100x8000000000000000524145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a9dce14f40dac32021-12-21 11:23:17.444root 11241100x8000000000000000524146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cda0f015f19a9642021-12-21 11:23:17.444root 11241100x8000000000000000524147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f2b36295255b1f2021-12-21 11:23:17.444root 11241100x8000000000000000524148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7ecbd103ba14db2021-12-21 11:23:17.444root 11241100x8000000000000000524149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aaa05678ce9be32021-12-21 11:23:17.445root 11241100x8000000000000000524150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13d842080ae04562021-12-21 11:23:17.445root 11241100x8000000000000000524151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc59f99bf6e969782021-12-21 11:23:17.445root 11241100x8000000000000000524152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57197fbcc55a2e942021-12-21 11:23:17.943root 11241100x8000000000000000524153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f46c2c71043524a2021-12-21 11:23:17.943root 11241100x8000000000000000524154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84e01f6fb9f1be2021-12-21 11:23:17.943root 11241100x8000000000000000524155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e82524322259b302021-12-21 11:23:17.943root 11241100x8000000000000000524156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c3682ecfb0edec2021-12-21 11:23:17.943root 11241100x8000000000000000524157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a9809c44ed3c7b2021-12-21 11:23:17.943root 11241100x8000000000000000524158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27734393d1a0be882021-12-21 11:23:17.943root 11241100x8000000000000000524159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4310520ed53b32142021-12-21 11:23:17.943root 11241100x8000000000000000524160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b265984c20a91b32021-12-21 11:23:17.943root 11241100x8000000000000000524161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8959ba3697ef962021-12-21 11:23:17.944root 11241100x8000000000000000524162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b636a4ed6301852021-12-21 11:23:17.944root 11241100x8000000000000000524163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117ae1de28ad90c2021-12-21 11:23:17.944root 11241100x8000000000000000524164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a474cf7c42dfd32021-12-21 11:23:17.944root 11241100x8000000000000000524165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfb481d709c97322021-12-21 11:23:17.944root 11241100x8000000000000000524166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512bf8c37bf468d82021-12-21 11:23:17.944root 11241100x8000000000000000524167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f667830edb3264c02021-12-21 11:23:17.944root 11241100x8000000000000000524168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779a4f3dd9c3c84f2021-12-21 11:23:17.944root 11241100x8000000000000000524169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a0d6e89b9ec8fc2021-12-21 11:23:17.944root 11241100x8000000000000000524170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b56aacd0276aa82021-12-21 11:23:17.944root 11241100x8000000000000000524171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52bb6dd4775d1842021-12-21 11:23:18.443root 11241100x8000000000000000524172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ed447f051f45cc2021-12-21 11:23:18.443root 11241100x8000000000000000524173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40336ccdb2eca9dd2021-12-21 11:23:18.443root 11241100x8000000000000000524174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e16aea78c1a0742021-12-21 11:23:18.443root 11241100x8000000000000000524175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20a359ca4aab05e2021-12-21 11:23:18.444root 11241100x8000000000000000524176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdef3cceb7da1ab2021-12-21 11:23:18.444root 11241100x8000000000000000524177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046cb5aef847dd9f2021-12-21 11:23:18.444root 11241100x8000000000000000524178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d68ff3f8cf841c2021-12-21 11:23:18.444root 11241100x8000000000000000524179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa63db94c3b1c56a2021-12-21 11:23:18.444root 11241100x8000000000000000524180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48126bdef7b30602021-12-21 11:23:18.444root 11241100x8000000000000000524181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af19a729e0a7791e2021-12-21 11:23:18.444root 11241100x8000000000000000524182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ff398c351284a42021-12-21 11:23:18.444root 11241100x8000000000000000524183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf78e8d3c87da0d2021-12-21 11:23:18.444root 11241100x8000000000000000524184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a68551b8269beb2021-12-21 11:23:18.444root 11241100x8000000000000000524185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f20093ecd6fa472021-12-21 11:23:18.444root 11241100x8000000000000000524186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd44d833d45879172021-12-21 11:23:18.444root 11241100x8000000000000000524187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4473efad2724792021-12-21 11:23:18.444root 11241100x8000000000000000524188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d223cbd71ef6aba02021-12-21 11:23:18.444root 11241100x8000000000000000524189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4276dc34c688d5162021-12-21 11:23:18.943root 11241100x8000000000000000524190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a3161f549118a52021-12-21 11:23:18.943root 11241100x8000000000000000524191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc953e4b8b464a2021-12-21 11:23:18.943root 11241100x8000000000000000524192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4d788222f9a4182021-12-21 11:23:18.943root 11241100x8000000000000000524193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95e97ca1198b7612021-12-21 11:23:18.944root 11241100x8000000000000000524194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ef06a0270f402c2021-12-21 11:23:18.944root 11241100x8000000000000000524195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0351721fbc0f665d2021-12-21 11:23:18.944root 11241100x8000000000000000524196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a033cfe1800628b2021-12-21 11:23:18.944root 11241100x8000000000000000524197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5dd7e4f62d78562021-12-21 11:23:18.944root 11241100x8000000000000000524198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7289c2d7b11e64642021-12-21 11:23:18.944root 11241100x8000000000000000524199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b406ffd3e699142021-12-21 11:23:18.944root 11241100x8000000000000000524200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea812e90fdcd4022021-12-21 11:23:18.944root 11241100x8000000000000000524201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cd00d558faece52021-12-21 11:23:18.944root 11241100x8000000000000000524202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8e5b9917f5f0cd2021-12-21 11:23:18.944root 11241100x8000000000000000524203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f5d51c42ce37b2021-12-21 11:23:18.945root 11241100x8000000000000000524204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdc2218247c22ae2021-12-21 11:23:18.945root 11241100x8000000000000000524205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cd4097c4707e992021-12-21 11:23:18.945root 11241100x8000000000000000524206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89afa296b5bd43b82021-12-21 11:23:18.945root 11241100x8000000000000000524207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b76bb43ee10f272021-12-21 11:23:19.443root 11241100x8000000000000000524208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086138bb934d0432021-12-21 11:23:19.443root 11241100x8000000000000000524209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be88638d4abd6012021-12-21 11:23:19.443root 11241100x8000000000000000524210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cb603e0c0bc56f2021-12-21 11:23:19.443root 11241100x8000000000000000524211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c145fdcf2f838b62021-12-21 11:23:19.443root 11241100x8000000000000000524212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62448b6923b0a592021-12-21 11:23:19.443root 11241100x8000000000000000524213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b595fe0802b46e652021-12-21 11:23:19.443root 11241100x8000000000000000524214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31dcf4c1e9fb9ea2021-12-21 11:23:19.444root 11241100x8000000000000000524215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a6c0bc2c13832c2021-12-21 11:23:19.444root 11241100x8000000000000000524216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa6debd325d8222021-12-21 11:23:19.444root 11241100x8000000000000000524217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378b5c1e49d882be2021-12-21 11:23:19.444root 11241100x8000000000000000524218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f045b124899a0a642021-12-21 11:23:19.444root 11241100x8000000000000000524219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5581a0236f4cccd2021-12-21 11:23:19.444root 11241100x8000000000000000524220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2ade03d40c02012021-12-21 11:23:19.444root 11241100x8000000000000000524221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42fca76b8e454b12021-12-21 11:23:19.444root 11241100x8000000000000000524222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b87eb765cba933b2021-12-21 11:23:19.444root 11241100x8000000000000000524223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699b4a6910072192021-12-21 11:23:19.444root 11241100x8000000000000000524224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ad5cf4dac0f01a2021-12-21 11:23:19.444root 11241100x8000000000000000524225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69621ce0a7eb6bb2021-12-21 11:23:19.444root 11241100x8000000000000000524226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc57dba3c30fae142021-12-21 11:23:19.444root 11241100x8000000000000000524227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fa3c5573dcf7822021-12-21 11:23:19.943root 11241100x8000000000000000524228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aed0175478c1252021-12-21 11:23:19.943root 11241100x8000000000000000524229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b7004f9bbf90142021-12-21 11:23:19.943root 11241100x8000000000000000524230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36267ad58a0f025d2021-12-21 11:23:19.943root 11241100x8000000000000000524231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0420e6cc59c74e22021-12-21 11:23:19.943root 11241100x8000000000000000524232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d84b6ea4a6c7082021-12-21 11:23:19.943root 11241100x8000000000000000524233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7666defdb5ed9b2021-12-21 11:23:19.944root 11241100x8000000000000000524234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c416125586388e2021-12-21 11:23:19.944root 11241100x8000000000000000524235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb41a1c78724a852021-12-21 11:23:19.944root 11241100x8000000000000000524236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78d0ec3e5859fa02021-12-21 11:23:19.944root 11241100x8000000000000000524237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df125ca9d8e90502021-12-21 11:23:19.944root 11241100x8000000000000000524238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f17b48975a859b2021-12-21 11:23:19.944root 11241100x8000000000000000524239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d165a9d682bee7c2021-12-21 11:23:19.944root 11241100x8000000000000000524240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47b9dc5e83e56872021-12-21 11:23:19.944root 11241100x8000000000000000524241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b4af8ca0614e1f2021-12-21 11:23:19.944root 11241100x8000000000000000524242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b1e09fe0dfac2f2021-12-21 11:23:19.944root 11241100x8000000000000000524243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ac3d47e30a15e82021-12-21 11:23:19.945root 11241100x8000000000000000524244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eb2898263e8b6a2021-12-21 11:23:19.945root 11241100x8000000000000000524245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619525018deef0c22021-12-21 11:23:19.945root 11241100x8000000000000000524246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84d4f7e11dd15f2021-12-21 11:23:19.945root 11241100x8000000000000000524247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a10c1f1a8f28d82021-12-21 11:23:19.945root 11241100x8000000000000000524248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4c3dc367fa13e52021-12-21 11:23:19.945root 11241100x8000000000000000524249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572013ee2b6000182021-12-21 11:23:19.946root 11241100x8000000000000000524250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a31ef0166b8f532021-12-21 11:23:19.946root 11241100x8000000000000000524251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cfbac3b504d2cb2021-12-21 11:23:20.443root 11241100x8000000000000000524252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5127be4d0222c62021-12-21 11:23:20.444root 11241100x8000000000000000524253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e754348aa0cb786e2021-12-21 11:23:20.444root 11241100x8000000000000000524254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c917d56489f01d2021-12-21 11:23:20.445root 11241100x8000000000000000524255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d6fbb39dc0f65f2021-12-21 11:23:20.445root 11241100x8000000000000000524256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8744bacc4262d82021-12-21 11:23:20.445root 11241100x8000000000000000524257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45a083553ea8a982021-12-21 11:23:20.445root 11241100x8000000000000000524258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2824ca61de8b9e2021-12-21 11:23:20.445root 11241100x8000000000000000524259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8b40171ff44bf62021-12-21 11:23:20.445root 11241100x8000000000000000524260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bc8f848620551d2021-12-21 11:23:20.446root 11241100x8000000000000000524261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a954787185db26ed2021-12-21 11:23:20.446root 11241100x8000000000000000524262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d48ca1dfd374982021-12-21 11:23:20.446root 11241100x8000000000000000524263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0f54b1526b238b2021-12-21 11:23:20.446root 11241100x8000000000000000524264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9c7b0b560e2fb22021-12-21 11:23:20.446root 11241100x8000000000000000524265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638876c417f776702021-12-21 11:23:20.446root 11241100x8000000000000000524266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39299d25a48b7ce2021-12-21 11:23:20.446root 11241100x8000000000000000524267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc3a9c6087e5172021-12-21 11:23:20.446root 11241100x8000000000000000524268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9a380ff652a352021-12-21 11:23:20.446root 11241100x8000000000000000524269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89de659ccd5bb69c2021-12-21 11:23:20.942root 11241100x8000000000000000524270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1c3de844dea4162021-12-21 11:23:20.943root 11241100x8000000000000000524271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2b6ac109945bd72021-12-21 11:23:20.943root 11241100x8000000000000000524272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091843a78b169e5e2021-12-21 11:23:20.943root 11241100x8000000000000000524273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a1358d91d60cd12021-12-21 11:23:20.943root 11241100x8000000000000000524274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e045bc9b2300512021-12-21 11:23:20.943root 11241100x8000000000000000524275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8185c458b30fa12021-12-21 11:23:20.943root 11241100x8000000000000000524276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efac1ab2e5c940442021-12-21 11:23:20.943root 11241100x8000000000000000524277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b2fa7618c58912021-12-21 11:23:20.943root 11241100x8000000000000000524278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc89e4fbd05c06f12021-12-21 11:23:20.943root 11241100x8000000000000000524279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c61a3d8301616a52021-12-21 11:23:20.944root 11241100x8000000000000000524280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6622b8ca07630a132021-12-21 11:23:20.944root 11241100x8000000000000000524281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6676fbc96b164c242021-12-21 11:23:20.944root 11241100x8000000000000000524282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afff02aa3ba491b2021-12-21 11:23:20.944root 11241100x8000000000000000524283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942401eb59fde7af2021-12-21 11:23:20.944root 11241100x8000000000000000524284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b9d2d61f577b6e2021-12-21 11:23:20.944root 11241100x8000000000000000524285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257065355ab0bd5f2021-12-21 11:23:20.944root 11241100x8000000000000000524286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe194e0b874920a72021-12-21 11:23:20.944root 11241100x8000000000000000524287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec917538d32d05092021-12-21 11:23:20.945root 11241100x8000000000000000524288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32821be7c1ed2ca62021-12-21 11:23:20.945root 11241100x8000000000000000524289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38652bf101f05bd62021-12-21 11:23:20.945root 11241100x8000000000000000524290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a77ec4cc8f7f6a62021-12-21 11:23:20.945root 11241100x8000000000000000524291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a0fd98c2fd0a542021-12-21 11:23:20.945root 354300x8000000000000000524292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.018{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48466-false10.0.1.12-8000- 11241100x8000000000000000524293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c6680fb7cbb2ba2021-12-21 11:23:21.443root 11241100x8000000000000000524294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e467cc2597d44a1e2021-12-21 11:23:21.443root 11241100x8000000000000000524295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c840f2ed4a09ed12021-12-21 11:23:21.443root 11241100x8000000000000000524296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84633d8849ae2982021-12-21 11:23:21.443root 11241100x8000000000000000524297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca6a37b293f1de22021-12-21 11:23:21.443root 11241100x8000000000000000524298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b234c6777196a56c2021-12-21 11:23:21.443root 11241100x8000000000000000524299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b401615110d1752021-12-21 11:23:21.444root 11241100x8000000000000000524300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822e74009ab738d52021-12-21 11:23:21.444root 11241100x8000000000000000524301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e9a37d5c3859d2021-12-21 11:23:21.444root 11241100x8000000000000000524302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4875558984d9dbac2021-12-21 11:23:21.444root 11241100x8000000000000000524303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d51f09ee9272672021-12-21 11:23:21.444root 11241100x8000000000000000524304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b4f03fb435baa32021-12-21 11:23:21.444root 11241100x8000000000000000524305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883b3336e2dd204e2021-12-21 11:23:21.444root 11241100x8000000000000000524306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4f0cf3a4863faf2021-12-21 11:23:21.444root 11241100x8000000000000000524307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa5877e9d688ca32021-12-21 11:23:21.444root 11241100x8000000000000000524308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0772dd3a4ad2a25f2021-12-21 11:23:21.444root 11241100x8000000000000000524309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e7bee37ffbcdb32021-12-21 11:23:21.445root 11241100x8000000000000000524310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017090f23c70b9182021-12-21 11:23:21.445root 11241100x8000000000000000524311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1842b9abb962dd912021-12-21 11:23:21.445root 11241100x8000000000000000524312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d85af6b9cf51cd2021-12-21 11:23:21.445root 11241100x8000000000000000524313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc25aa3d08fa046c2021-12-21 11:23:21.445root 11241100x8000000000000000524314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9610cfb8405291652021-12-21 11:23:21.943root 11241100x8000000000000000524315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6cc70beae15bf42021-12-21 11:23:21.943root 11241100x8000000000000000524316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7536aac519e608ed2021-12-21 11:23:21.944root 11241100x8000000000000000524317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2f57649ca1e8b32021-12-21 11:23:21.944root 11241100x8000000000000000524318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90d517cb6985f5e2021-12-21 11:23:21.944root 11241100x8000000000000000524319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bade53792ce8de42021-12-21 11:23:21.944root 11241100x8000000000000000524320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078b5164c7a459992021-12-21 11:23:21.944root 11241100x8000000000000000524321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949949da0ceb0de32021-12-21 11:23:21.945root 11241100x8000000000000000524322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8fd879cfb9b4ed2021-12-21 11:23:21.945root 11241100x8000000000000000524323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993a4ceaec74f7b42021-12-21 11:23:21.945root 11241100x8000000000000000524324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4557b29dea8cc22021-12-21 11:23:21.945root 11241100x8000000000000000524325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b803cdcf0756fd4a2021-12-21 11:23:21.945root 11241100x8000000000000000524326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60579edf0d118282021-12-21 11:23:21.945root 11241100x8000000000000000524327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2557a6e859fb715d2021-12-21 11:23:21.945root 11241100x8000000000000000524328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16384e28887f492c2021-12-21 11:23:21.945root 11241100x8000000000000000524329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2628baf594d03bb12021-12-21 11:23:21.945root 11241100x8000000000000000524330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed0a00d6012d422021-12-21 11:23:21.945root 11241100x8000000000000000524331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e8d235cd569512021-12-21 11:23:21.946root 11241100x8000000000000000524332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45483fb91ef8a7492021-12-21 11:23:21.946root 11241100x8000000000000000524333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16997e709fe5ff612021-12-21 11:23:22.443root 11241100x8000000000000000524334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78512f1877d476582021-12-21 11:23:22.443root 11241100x8000000000000000524335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df139af2975031b2021-12-21 11:23:22.443root 11241100x8000000000000000524336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcae10607a0327a2021-12-21 11:23:22.444root 11241100x8000000000000000524337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0add9e34c886b702021-12-21 11:23:22.444root 11241100x8000000000000000524338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f63c4bf67ab850f2021-12-21 11:23:22.444root 11241100x8000000000000000524339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c11ae8df42e9352021-12-21 11:23:22.444root 11241100x8000000000000000524340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60760eefd5ed9d1c2021-12-21 11:23:22.444root 11241100x8000000000000000524341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53acb8baf0af9c342021-12-21 11:23:22.444root 11241100x8000000000000000524342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a34942578f9332021-12-21 11:23:22.444root 11241100x8000000000000000524343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c1ae14a962d05e2021-12-21 11:23:22.444root 11241100x8000000000000000524344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a309a1fac08f6e452021-12-21 11:23:22.444root 11241100x8000000000000000524345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f2891d79fc79e42021-12-21 11:23:22.444root 11241100x8000000000000000524346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb54ef98e58fccb2021-12-21 11:23:22.444root 11241100x8000000000000000524347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a470b6b8e465262021-12-21 11:23:22.445root 11241100x8000000000000000524348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e89cf1544c2e68c2021-12-21 11:23:22.445root 11241100x8000000000000000524349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e787955a3129e82021-12-21 11:23:22.445root 11241100x8000000000000000524350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5289179c3c9be7b2021-12-21 11:23:22.445root 11241100x8000000000000000524351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef2a27d66e3dc192021-12-21 11:23:22.445root 11241100x8000000000000000524352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1776c1f872297a62021-12-21 11:23:22.943root 11241100x8000000000000000524353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0adb5dbb114be2021-12-21 11:23:22.943root 11241100x8000000000000000524354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b946a1b8045bc89f2021-12-21 11:23:22.943root 11241100x8000000000000000524355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed7c056143dfb122021-12-21 11:23:22.943root 11241100x8000000000000000524356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c615799b01ec8552021-12-21 11:23:22.943root 11241100x8000000000000000524357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0778c36ed26dc052021-12-21 11:23:22.944root 11241100x8000000000000000524358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef35e588ce9b832021-12-21 11:23:22.944root 11241100x8000000000000000524359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8114caaef6ece4112021-12-21 11:23:22.944root 11241100x8000000000000000524360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49009a1ac003106d2021-12-21 11:23:22.944root 11241100x8000000000000000524361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa85dfd429160a22021-12-21 11:23:22.944root 11241100x8000000000000000524362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf58c59d40a36dea2021-12-21 11:23:22.944root 11241100x8000000000000000524363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df85d59de917959e2021-12-21 11:23:22.945root 11241100x8000000000000000524364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ae64828d6549b32021-12-21 11:23:22.945root 11241100x8000000000000000524365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ea573ac212e6cd2021-12-21 11:23:22.945root 11241100x8000000000000000524366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9180b6086ec68daf2021-12-21 11:23:22.945root 11241100x8000000000000000524367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf876babf85dac172021-12-21 11:23:22.945root 11241100x8000000000000000524368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc37cbc4e74b41a22021-12-21 11:23:22.945root 11241100x8000000000000000524369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8b2e7008e7ddc62021-12-21 11:23:22.945root 11241100x8000000000000000524370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7639db25a985132021-12-21 11:23:22.945root 11241100x8000000000000000524371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be7c02e39c03e932021-12-21 11:23:22.945root 11241100x8000000000000000524372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd5538a6f686f012021-12-21 11:23:22.945root 11241100x8000000000000000524373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d0ff8fdea95e2b2021-12-21 11:23:23.443root 11241100x8000000000000000524374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03ee0953588b9242021-12-21 11:23:23.443root 11241100x8000000000000000524375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e908f1a38f57f2a72021-12-21 11:23:23.443root 11241100x8000000000000000524376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fb30f3fb0ad2262021-12-21 11:23:23.443root 11241100x8000000000000000524377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bf1e2af18b059d2021-12-21 11:23:23.444root 11241100x8000000000000000524378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f2b931bd1e782a2021-12-21 11:23:23.444root 11241100x8000000000000000524379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506e601f007c56912021-12-21 11:23:23.444root 11241100x8000000000000000524380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f24fc505af97f02021-12-21 11:23:23.444root 11241100x8000000000000000524381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f3ff170eab0762021-12-21 11:23:23.444root 11241100x8000000000000000524382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50640e03b349b2482021-12-21 11:23:23.444root 11241100x8000000000000000524383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de4af00a8821b3f2021-12-21 11:23:23.444root 11241100x8000000000000000524384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048eaff100e0c81b2021-12-21 11:23:23.444root 11241100x8000000000000000524385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a780c62d2c242c32021-12-21 11:23:23.444root 11241100x8000000000000000524386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25516301be5fea192021-12-21 11:23:23.444root 11241100x8000000000000000524387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7276c67fcdeed72021-12-21 11:23:23.444root 11241100x8000000000000000524388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b88fe611ca33f12021-12-21 11:23:23.444root 11241100x8000000000000000524389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c46dcd0afd19432021-12-21 11:23:23.444root 11241100x8000000000000000524390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f2491d0406bccc2021-12-21 11:23:23.444root 11241100x8000000000000000524391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab65845b23663102021-12-21 11:23:23.445root 11241100x8000000000000000524392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d286f06cbd90c9a2021-12-21 11:23:23.943root 11241100x8000000000000000524393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1200076573f4517f2021-12-21 11:23:23.943root 11241100x8000000000000000524394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb33616b2c23ed2021-12-21 11:23:23.943root 11241100x8000000000000000524395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be5b90806442d3a2021-12-21 11:23:23.943root 11241100x8000000000000000524396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8aba8939976042021-12-21 11:23:23.943root 11241100x8000000000000000524397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f3196fda131522021-12-21 11:23:23.943root 11241100x8000000000000000524398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447473774de1148a2021-12-21 11:23:23.944root 11241100x8000000000000000524399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f07ecb424fca9d2021-12-21 11:23:23.944root 11241100x8000000000000000524400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1fc63b9fc7b312021-12-21 11:23:23.944root 11241100x8000000000000000524401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba0ac5cab524a0b2021-12-21 11:23:23.944root 11241100x8000000000000000524402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2051c41a58f3312021-12-21 11:23:23.944root 11241100x8000000000000000524403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdc792f25f819c72021-12-21 11:23:23.944root 11241100x8000000000000000524404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9966be9cde999c2021-12-21 11:23:23.945root 11241100x8000000000000000524405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b7ad9f00f6c1022021-12-21 11:23:23.945root 11241100x8000000000000000524406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a2a97601ac6982021-12-21 11:23:23.945root 11241100x8000000000000000524407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb147709c86d2382021-12-21 11:23:23.945root 11241100x8000000000000000524408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fbfd7ea6bcbad22021-12-21 11:23:23.945root 11241100x8000000000000000524409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a11e946b598f93b2021-12-21 11:23:23.945root 11241100x8000000000000000524410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e58d3fcbbf8ac312021-12-21 11:23:23.945root 11241100x8000000000000000524411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfff2f6c6d829912021-12-21 11:23:23.945root 11241100x8000000000000000524412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474f66150ba2457e2021-12-21 11:23:24.443root 11241100x8000000000000000524413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5d3eaecdbcda412021-12-21 11:23:24.443root 11241100x8000000000000000524414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b78e3eed65bdc92021-12-21 11:23:24.443root 11241100x8000000000000000524415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7582a6cdeab7a52021-12-21 11:23:24.444root 11241100x8000000000000000524416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e358b110e472052021-12-21 11:23:24.444root 11241100x8000000000000000524417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c795b7e4afdf22852021-12-21 11:23:24.444root 11241100x8000000000000000524418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdf609997fe97632021-12-21 11:23:24.444root 11241100x8000000000000000524419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a0a945b5936e1d2021-12-21 11:23:24.444root 11241100x8000000000000000524420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34481d01c8fc19d02021-12-21 11:23:24.444root 11241100x8000000000000000524421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13201b410ca176872021-12-21 11:23:24.444root 11241100x8000000000000000524422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a5a2512caf53732021-12-21 11:23:24.444root 11241100x8000000000000000524423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190503da64a360a52021-12-21 11:23:24.444root 11241100x8000000000000000524424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd826bfa6a2a1fa2021-12-21 11:23:24.444root 11241100x8000000000000000524425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670b90eaef2b0f962021-12-21 11:23:24.444root 11241100x8000000000000000524426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa36cd7a393a4c8c2021-12-21 11:23:24.445root 11241100x8000000000000000524427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1306b30f595e692021-12-21 11:23:24.445root 11241100x8000000000000000524428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce87091b92b79752021-12-21 11:23:24.445root 11241100x8000000000000000524429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79caec2580270fd72021-12-21 11:23:24.445root 11241100x8000000000000000524430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7af00fed1e377622021-12-21 11:23:24.445root 11241100x8000000000000000524431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f0a5779dc92b9f2021-12-21 11:23:24.943root 11241100x8000000000000000524432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbec92b122433a4c2021-12-21 11:23:24.943root 11241100x8000000000000000524433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a78dfacfdda31852021-12-21 11:23:24.943root 11241100x8000000000000000524434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f25b026f51784e2021-12-21 11:23:24.943root 11241100x8000000000000000524435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33058c9163efb5ab2021-12-21 11:23:24.943root 11241100x8000000000000000524436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3027ea5c5aae318c2021-12-21 11:23:24.944root 11241100x8000000000000000524437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495278eb9249b3f42021-12-21 11:23:24.944root 11241100x8000000000000000524438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469085e053796f852021-12-21 11:23:24.944root 11241100x8000000000000000524439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9507a882136691cb2021-12-21 11:23:24.944root 11241100x8000000000000000524440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b93bb344377c4bf2021-12-21 11:23:24.944root 11241100x8000000000000000524441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f364352ea5d29562021-12-21 11:23:24.944root 11241100x8000000000000000524442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df093335564af24f2021-12-21 11:23:24.944root 11241100x8000000000000000524443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c893a8f1155618a12021-12-21 11:23:24.944root 11241100x8000000000000000524444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a5e21aa239630e2021-12-21 11:23:24.944root 11241100x8000000000000000524445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e6629e158ef1862021-12-21 11:23:24.945root 11241100x8000000000000000524446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f7b564f43be1e52021-12-21 11:23:24.945root 11241100x8000000000000000524447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242b52a40a7703412021-12-21 11:23:24.945root 11241100x8000000000000000524448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d17b86b64616a52021-12-21 11:23:24.945root 11241100x8000000000000000524449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955990f738de5b072021-12-21 11:23:24.945root 354300x8000000000000000524450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.437{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35532-false10.0.1.12-8089- 11241100x8000000000000000524451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1d63430e88b922021-12-21 11:23:25.437root 11241100x8000000000000000524452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27bfdb007e7df32021-12-21 11:23:25.438root 11241100x8000000000000000524453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec66c7123e8f9ea32021-12-21 11:23:25.438root 11241100x8000000000000000524454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7332da52d4b0a4ed2021-12-21 11:23:25.438root 11241100x8000000000000000524455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eac9d88580a0a22021-12-21 11:23:25.438root 11241100x8000000000000000524456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1593168403754aa12021-12-21 11:23:25.438root 11241100x8000000000000000524457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8056790592fde0962021-12-21 11:23:25.438root 11241100x8000000000000000524458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d454a306bb5921022021-12-21 11:23:25.439root 11241100x8000000000000000524459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3378e69b370cd6b12021-12-21 11:23:25.439root 11241100x8000000000000000524460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101fcfc5c5343ab02021-12-21 11:23:25.439root 11241100x8000000000000000524461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac5fb4d075a2ce2021-12-21 11:23:25.439root 11241100x8000000000000000524462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197609b3283c74112021-12-21 11:23:25.439root 11241100x8000000000000000524463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6d1fe987b79f222021-12-21 11:23:25.439root 11241100x8000000000000000524464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8842eb197a30e7962021-12-21 11:23:25.440root 11241100x8000000000000000524465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0813e057a565ab2021-12-21 11:23:25.440root 11241100x8000000000000000524466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb66ec858caf64362021-12-21 11:23:25.440root 11241100x8000000000000000524467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326d7ba5ecc46ba32021-12-21 11:23:25.440root 11241100x8000000000000000524468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3c4b7d2856136d2021-12-21 11:23:25.440root 11241100x8000000000000000524469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b2f7fcdda59cf2021-12-21 11:23:25.440root 11241100x8000000000000000524470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a243de43a783dc2021-12-21 11:23:25.441root 11241100x8000000000000000524471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3fb60c342547fa2021-12-21 11:23:25.441root 11241100x8000000000000000524472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf506378df8fb272021-12-21 11:23:25.441root 11241100x8000000000000000524473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad8a9cf95a153142021-12-21 11:23:25.441root 11241100x8000000000000000524474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e2e5e07e20f7362021-12-21 11:23:25.693root 11241100x8000000000000000524475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e325b9e95b973a2021-12-21 11:23:25.693root 11241100x8000000000000000524476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e807378ca300692021-12-21 11:23:25.694root 11241100x8000000000000000524477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fb2ae39189e1612021-12-21 11:23:25.694root 11241100x8000000000000000524478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197d3019cb172e272021-12-21 11:23:25.694root 11241100x8000000000000000524479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50279971e27e897e2021-12-21 11:23:25.694root 11241100x8000000000000000524480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48292b209e74275d2021-12-21 11:23:25.694root 11241100x8000000000000000524481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec09ff628937cc682021-12-21 11:23:25.694root 11241100x8000000000000000524482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9009aa994d36b5fb2021-12-21 11:23:25.694root 11241100x8000000000000000524483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb923d6704cb13832021-12-21 11:23:25.695root 11241100x8000000000000000524484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a79751921c74ac2021-12-21 11:23:25.695root 11241100x8000000000000000524485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d82b22f83777282021-12-21 11:23:25.695root 11241100x8000000000000000524486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2c579d5190674f2021-12-21 11:23:25.695root 11241100x8000000000000000524487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da615b5bead0c8f32021-12-21 11:23:25.695root 11241100x8000000000000000524488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2243a556a212d0742021-12-21 11:23:25.695root 11241100x8000000000000000524489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b2ca86d4000a8b2021-12-21 11:23:25.695root 11241100x8000000000000000524490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b048164234ef38c42021-12-21 11:23:25.695root 11241100x8000000000000000524491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755b2859f51f08fb2021-12-21 11:23:25.695root 11241100x8000000000000000524492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f93f2f78dcc88a2021-12-21 11:23:25.695root 11241100x8000000000000000524493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e7c306a7a188332021-12-21 11:23:25.695root 11241100x8000000000000000524494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d0cf77b4f4b5ef2021-12-21 11:23:26.193root 11241100x8000000000000000524495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83849c4f314294e2021-12-21 11:23:26.193root 11241100x8000000000000000524496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9236c8c5890992602021-12-21 11:23:26.193root 11241100x8000000000000000524497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62190f04d8ac44a02021-12-21 11:23:26.194root 11241100x8000000000000000524498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7307983baec84412021-12-21 11:23:26.194root 11241100x8000000000000000524499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923cb05683a698722021-12-21 11:23:26.194root 11241100x8000000000000000524500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d3f98f67a8e50f2021-12-21 11:23:26.194root 11241100x8000000000000000524501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2d27e607a9097a2021-12-21 11:23:26.194root 11241100x8000000000000000524502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a20ce4638b19df2021-12-21 11:23:26.194root 11241100x8000000000000000524503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653c7e80522a7ea02021-12-21 11:23:26.194root 11241100x8000000000000000524504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14938e992bf6d61c2021-12-21 11:23:26.194root 11241100x8000000000000000524505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0abfc2e3d97d0db2021-12-21 11:23:26.194root 11241100x8000000000000000524506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4866e1be08c05b2f2021-12-21 11:23:26.194root 11241100x8000000000000000524507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc4b43ad521b0c42021-12-21 11:23:26.194root 11241100x8000000000000000524508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080415041945fd322021-12-21 11:23:26.195root 11241100x8000000000000000524509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c8485c95cae7312021-12-21 11:23:26.195root 11241100x8000000000000000524510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cbf2e18ec811fb2021-12-21 11:23:26.195root 11241100x8000000000000000524511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65c82c588400cad2021-12-21 11:23:26.195root 11241100x8000000000000000524512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69e9d3d24f9f812021-12-21 11:23:26.195root 11241100x8000000000000000524513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e32c5a99af19bc2021-12-21 11:23:26.195root 11241100x8000000000000000524514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b175f4cbaa200b202021-12-21 11:23:26.693root 11241100x8000000000000000524515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb7de5ecdee3e32021-12-21 11:23:26.693root 11241100x8000000000000000524516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b38893042a2e82021-12-21 11:23:26.693root 11241100x8000000000000000524517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2646856bf3d2f9502021-12-21 11:23:26.694root 11241100x8000000000000000524518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c80a3d221c16592021-12-21 11:23:26.694root 11241100x8000000000000000524519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0040703560ca67242021-12-21 11:23:26.694root 11241100x8000000000000000524520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7718e64b964fc6072021-12-21 11:23:26.694root 11241100x8000000000000000524521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2cd2ac452921ed2021-12-21 11:23:26.694root 11241100x8000000000000000524522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c6a93ea36325b22021-12-21 11:23:26.694root 11241100x8000000000000000524523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46f5bd3628494202021-12-21 11:23:26.694root 11241100x8000000000000000524524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a19e6d0f28268ac2021-12-21 11:23:26.694root 11241100x8000000000000000524525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d3e579a626048f2021-12-21 11:23:26.695root 11241100x8000000000000000524526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44f2b262f5328f32021-12-21 11:23:26.695root 11241100x8000000000000000524527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c87b877d8c42d2021-12-21 11:23:26.695root 11241100x8000000000000000524528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d3f8922cb9a6dd2021-12-21 11:23:26.695root 11241100x8000000000000000524529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0281f6566f334572021-12-21 11:23:26.695root 11241100x8000000000000000524530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c17a75701093b22021-12-21 11:23:26.695root 11241100x8000000000000000524531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792072a2610ef10f2021-12-21 11:23:26.696root 11241100x8000000000000000524532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d66cf262411fe712021-12-21 11:23:26.696root 11241100x8000000000000000524533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a58040754d2bb02021-12-21 11:23:26.696root 354300x8000000000000000524534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.016{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48470-false10.0.1.12-8000- 11241100x8000000000000000524535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa75db97431883ac2021-12-21 11:23:27.016root 11241100x8000000000000000524536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fba6d656de641f52021-12-21 11:23:27.016root 11241100x8000000000000000524537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29730e462582d1ef2021-12-21 11:23:27.017root 11241100x8000000000000000524538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b3a5d79e3464d82021-12-21 11:23:27.017root 11241100x8000000000000000524539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fd9f78e4b66d392021-12-21 11:23:27.017root 11241100x8000000000000000524540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e280ba44d82542021-12-21 11:23:27.017root 11241100x8000000000000000524541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b86394c572359672021-12-21 11:23:27.017root 11241100x8000000000000000524542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d96703235d0df812021-12-21 11:23:27.017root 11241100x8000000000000000524543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3c01f5d49e9e7a2021-12-21 11:23:27.017root 11241100x8000000000000000524544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6044e1afceb61f012021-12-21 11:23:27.018root 11241100x8000000000000000524545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d33849a1248ae722021-12-21 11:23:27.018root 11241100x8000000000000000524546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5fb2add60637872021-12-21 11:23:27.018root 11241100x8000000000000000524547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc4a306c623ab812021-12-21 11:23:27.018root 11241100x8000000000000000524548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c82b8e7188da942021-12-21 11:23:27.018root 11241100x8000000000000000524549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794279f9d8ea62682021-12-21 11:23:27.018root 11241100x8000000000000000524550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43f454e57143d772021-12-21 11:23:27.019root 11241100x8000000000000000524551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c792d37e0418b49c2021-12-21 11:23:27.019root 11241100x8000000000000000524552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cdc62805183c102021-12-21 11:23:27.019root 11241100x8000000000000000524553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff32397b585c14d2021-12-21 11:23:27.019root 11241100x8000000000000000524554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b372d5a9f91c7c2021-12-21 11:23:27.020root 11241100x8000000000000000524555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37de4eea6f3b4fec2021-12-21 11:23:27.020root 11241100x8000000000000000524556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b53a6403b3018e2021-12-21 11:23:27.020root 11241100x8000000000000000524557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec09c7fcea9e2612021-12-21 11:23:27.020root 11241100x8000000000000000524558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cf83a1a1ad4e7b2021-12-21 11:23:27.020root 11241100x8000000000000000524559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ab375eaf0c85f2021-12-21 11:23:27.020root 11241100x8000000000000000524560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554609817a9be312021-12-21 11:23:27.021root 11241100x8000000000000000524561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6f315cc16f10512021-12-21 11:23:27.021root 11241100x8000000000000000524562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51026870d0efbd892021-12-21 11:23:27.021root 11241100x8000000000000000524563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1227fc4ee03a1eb2021-12-21 11:23:27.021root 11241100x8000000000000000524564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6132682b0b17f79b2021-12-21 11:23:27.443root 11241100x8000000000000000524565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1848096948bcf3ed2021-12-21 11:23:27.443root 11241100x8000000000000000524566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae7e49a7e7080c82021-12-21 11:23:27.443root 11241100x8000000000000000524567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed42165e5fc08282021-12-21 11:23:27.444root 11241100x8000000000000000524568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acefcc8848bcdc892021-12-21 11:23:27.444root 11241100x8000000000000000524569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89880f3f347f5c22021-12-21 11:23:27.444root 11241100x8000000000000000524570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a730c8ab90818ca72021-12-21 11:23:27.444root 11241100x8000000000000000524571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7429b450568c0972021-12-21 11:23:27.444root 11241100x8000000000000000524572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83013a3dd10ba5e2021-12-21 11:23:27.444root 11241100x8000000000000000524573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8301d132658fb8682021-12-21 11:23:27.444root 11241100x8000000000000000524574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba51b56858e4484b2021-12-21 11:23:27.444root 11241100x8000000000000000524575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cbeac14533e6582021-12-21 11:23:27.444root 11241100x8000000000000000524576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749b5cba45d6c7d22021-12-21 11:23:27.444root 11241100x8000000000000000524577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d0ac8b0214b0212021-12-21 11:23:27.445root 11241100x8000000000000000524578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285e796abc69c2e32021-12-21 11:23:27.445root 11241100x8000000000000000524579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162e6c5b98e7a1c2021-12-21 11:23:27.445root 11241100x8000000000000000524580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb82fa32870ed22b2021-12-21 11:23:27.445root 11241100x8000000000000000524581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1652a136666d6f2021-12-21 11:23:27.445root 11241100x8000000000000000524582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e9762b4ba7d1102021-12-21 11:23:27.445root 11241100x8000000000000000524583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f195153270ec7992021-12-21 11:23:27.446root 11241100x8000000000000000524584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ee9943c70d63cf2021-12-21 11:23:27.446root 11241100x8000000000000000524585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc68fb045a7c44e42021-12-21 11:23:27.943root 11241100x8000000000000000524586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0188d4c81c37fe232021-12-21 11:23:27.943root 11241100x8000000000000000524587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585843112eff73742021-12-21 11:23:27.943root 11241100x8000000000000000524588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d25a4434e5581e2021-12-21 11:23:27.943root 11241100x8000000000000000524589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3366b2fa8e2fbe552021-12-21 11:23:27.943root 11241100x8000000000000000524590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae17e3c16d32f91c2021-12-21 11:23:27.943root 11241100x8000000000000000524591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c22aabb1060a4a2021-12-21 11:23:27.944root 11241100x8000000000000000524592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f199d3df1f66162021-12-21 11:23:27.944root 11241100x8000000000000000524593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ab436d66e3585f2021-12-21 11:23:27.944root 11241100x8000000000000000524594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfba202d0e77d7d12021-12-21 11:23:27.944root 11241100x8000000000000000524595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab86daa31a093c92021-12-21 11:23:27.944root 11241100x8000000000000000524596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b95b5b71d3874f2021-12-21 11:23:27.944root 11241100x8000000000000000524597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fecc2dc023a1fab2021-12-21 11:23:27.944root 11241100x8000000000000000524598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49b1158025b2eda2021-12-21 11:23:27.944root 11241100x8000000000000000524599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a923e8ef4831a4032021-12-21 11:23:27.945root 11241100x8000000000000000524600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17621604007e895c2021-12-21 11:23:27.945root 11241100x8000000000000000524601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f62da742c37f9e72021-12-21 11:23:27.945root 11241100x8000000000000000524602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74be2fccb0fdeccd2021-12-21 11:23:27.945root 11241100x8000000000000000524603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8251dd0ee81ea0c02021-12-21 11:23:27.945root 11241100x8000000000000000524604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee776da5d57806342021-12-21 11:23:27.945root 11241100x8000000000000000524605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b43901e72338482021-12-21 11:23:27.945root 11241100x8000000000000000524606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c84558ea106ca712021-12-21 11:23:28.443root 11241100x8000000000000000524607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e655539b0c93dbc2021-12-21 11:23:28.443root 11241100x8000000000000000524608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db3619daee4a5b2021-12-21 11:23:28.443root 11241100x8000000000000000524609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a972844da84a9c562021-12-21 11:23:28.443root 11241100x8000000000000000524610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c4a056216b18f22021-12-21 11:23:28.443root 11241100x8000000000000000524611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea53556e382107f2021-12-21 11:23:28.444root 11241100x8000000000000000524612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b2893ec37258c02021-12-21 11:23:28.444root 11241100x8000000000000000524613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38af1729fdaa86622021-12-21 11:23:28.444root 11241100x8000000000000000524614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57476ce8071a4c862021-12-21 11:23:28.444root 11241100x8000000000000000524615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b580c406aa5b8aa2021-12-21 11:23:28.444root 11241100x8000000000000000524616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a1390c2832113a2021-12-21 11:23:28.444root 11241100x8000000000000000524617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431a0782363872ab2021-12-21 11:23:28.444root 11241100x8000000000000000524618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3642eb651c0e6f8b2021-12-21 11:23:28.444root 11241100x8000000000000000524619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581b6f349cf003892021-12-21 11:23:28.445root 11241100x8000000000000000524620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d5238ef7f11ba92021-12-21 11:23:28.445root 11241100x8000000000000000524621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6c439b9307d1202021-12-21 11:23:28.445root 11241100x8000000000000000524622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef743590f0d2781a2021-12-21 11:23:28.445root 11241100x8000000000000000524623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0b3aa1798842d22021-12-21 11:23:28.445root 11241100x8000000000000000524624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c311c33be029b62021-12-21 11:23:28.445root 11241100x8000000000000000524625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5925340ae8e3272021-12-21 11:23:28.445root 11241100x8000000000000000524626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a045713b989dc02021-12-21 11:23:28.445root 11241100x8000000000000000524627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933a18f1e09f70eb2021-12-21 11:23:28.445root 11241100x8000000000000000524628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83e6ec5c6c6a0fa2021-12-21 11:23:28.445root 11241100x8000000000000000524629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913b78bbd65afb8d2021-12-21 11:23:28.445root 11241100x8000000000000000524630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9095c395f11b662021-12-21 11:23:28.446root 11241100x8000000000000000524631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb27337cff3c23762021-12-21 11:23:28.446root 11241100x8000000000000000524632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe7106d80d0fd472021-12-21 11:23:28.446root 11241100x8000000000000000524633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c01062fb19aef32021-12-21 11:23:28.943root 11241100x8000000000000000524634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24c46a3b7b890592021-12-21 11:23:28.943root 11241100x8000000000000000524635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f105ef3ee0f0af642021-12-21 11:23:28.943root 11241100x8000000000000000524636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26aca29ffd3a6af02021-12-21 11:23:28.943root 11241100x8000000000000000524637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1494fc05116d92272021-12-21 11:23:28.943root 11241100x8000000000000000524638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0923ce7c785dcd2021-12-21 11:23:28.944root 11241100x8000000000000000524639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f913a38e510421e2021-12-21 11:23:28.944root 11241100x8000000000000000524640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca709e8f0d2f6872021-12-21 11:23:28.944root 11241100x8000000000000000524641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83a1c8df8a9b9d92021-12-21 11:23:28.944root 11241100x8000000000000000524642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad217136caf78242021-12-21 11:23:28.944root 11241100x8000000000000000524643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c74290b2ceb902021-12-21 11:23:28.944root 11241100x8000000000000000524644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8797a0f02763e2b2021-12-21 11:23:28.944root 11241100x8000000000000000524645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe8b44822b527022021-12-21 11:23:28.945root 11241100x8000000000000000524646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0aa7f7aa38662a2021-12-21 11:23:28.945root 11241100x8000000000000000524647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82d1d946db1c0f42021-12-21 11:23:28.945root 11241100x8000000000000000524648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c5f94bcef03d4f2021-12-21 11:23:28.945root 11241100x8000000000000000524649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a62eb945d993272021-12-21 11:23:28.946root 11241100x8000000000000000524650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40209949d6743c062021-12-21 11:23:28.946root 11241100x8000000000000000524651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6127f4fa34f2c72021-12-21 11:23:28.946root 11241100x8000000000000000524652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f284eb8069d598f2021-12-21 11:23:28.946root 11241100x8000000000000000524653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78285ab8b7cebdab2021-12-21 11:23:28.946root 11241100x8000000000000000524654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dc59c69fc6585b2021-12-21 11:23:28.946root 11241100x8000000000000000524655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a4d366ec55f1592021-12-21 11:23:28.947root 11241100x8000000000000000524656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66a7c0a433bdf22021-12-21 11:23:28.947root 11241100x8000000000000000524657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30602db298f50a22021-12-21 11:23:28.947root 11241100x8000000000000000524658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7f8206363263522021-12-21 11:23:28.947root 11241100x8000000000000000524659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e235c22580839f02021-12-21 11:23:28.947root 11241100x8000000000000000524660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d83df097ff7eac82021-12-21 11:23:28.947root 11241100x8000000000000000524661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6916c222eaf0852021-12-21 11:23:29.443root 11241100x8000000000000000524662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e5dbb75c976d812021-12-21 11:23:29.443root 11241100x8000000000000000524663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b132eba884ee0b3a2021-12-21 11:23:29.443root 11241100x8000000000000000524664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fd5989c0849a162021-12-21 11:23:29.443root 11241100x8000000000000000524665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db89007c34151c32021-12-21 11:23:29.444root 11241100x8000000000000000524666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfa73723a21f1b02021-12-21 11:23:29.444root 11241100x8000000000000000524667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3b3cded54a5f3c2021-12-21 11:23:29.445root 11241100x8000000000000000524668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189d2fe47f7e6d0f2021-12-21 11:23:29.445root 11241100x8000000000000000524669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0541c5b65997be5a2021-12-21 11:23:29.445root 11241100x8000000000000000524670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e47505f186e7372021-12-21 11:23:29.445root 11241100x8000000000000000524671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dce0377f5c439c82021-12-21 11:23:29.445root 11241100x8000000000000000524672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44df56b7ef9ddf052021-12-21 11:23:29.445root 11241100x8000000000000000524673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a9bc638f48b7952021-12-21 11:23:29.446root 11241100x8000000000000000524674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95cbd7538da18e62021-12-21 11:23:29.446root 11241100x8000000000000000524675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ac10b1e2ab6e82021-12-21 11:23:29.446root 11241100x8000000000000000524676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43348dd443dfd85f2021-12-21 11:23:29.446root 11241100x8000000000000000524677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bdec026b55f1ae2021-12-21 11:23:29.446root 11241100x8000000000000000524678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5f675e17b01eb82021-12-21 11:23:29.446root 11241100x8000000000000000524679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d45b23c6c4b082021-12-21 11:23:29.446root 11241100x8000000000000000524680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff969e0e00761cef2021-12-21 11:23:29.446root 11241100x8000000000000000524681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dd6920e603b4222021-12-21 11:23:29.446root 11241100x8000000000000000524682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30994f27f5f01a32021-12-21 11:23:29.447root 11241100x8000000000000000524683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f29deab1875201e2021-12-21 11:23:29.943root 11241100x8000000000000000524684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9b16b7f8d3b3842021-12-21 11:23:29.943root 11241100x8000000000000000524685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b652da582ca77a272021-12-21 11:23:29.943root 11241100x8000000000000000524686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5f571dc6406c6e2021-12-21 11:23:29.943root 11241100x8000000000000000524687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ff4521c92fb8be2021-12-21 11:23:29.943root 11241100x8000000000000000524688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bea94267c8cb502021-12-21 11:23:29.944root 11241100x8000000000000000524689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafd4307ba5722352021-12-21 11:23:29.944root 11241100x8000000000000000524690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479fe53746f2368e2021-12-21 11:23:29.944root 11241100x8000000000000000524691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab3a2b7521cdf032021-12-21 11:23:29.944root 11241100x8000000000000000524692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2a614e54e8d5d12021-12-21 11:23:29.944root 11241100x8000000000000000524693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5183d4e86696d1a2021-12-21 11:23:29.944root 11241100x8000000000000000524694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d414fb0795a4e4c12021-12-21 11:23:29.944root 11241100x8000000000000000524695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac0767be49eae192021-12-21 11:23:29.944root 11241100x8000000000000000524696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cecd08f9915ad22021-12-21 11:23:29.944root 11241100x8000000000000000524697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229049357f39a3672021-12-21 11:23:29.944root 11241100x8000000000000000524698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2734d6a171f2d4602021-12-21 11:23:29.944root 11241100x8000000000000000524699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6addae6fc02bf42021-12-21 11:23:29.944root 11241100x8000000000000000524700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cfd754144f39112021-12-21 11:23:29.944root 11241100x8000000000000000524701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05da76510afe2c302021-12-21 11:23:29.944root 11241100x8000000000000000524702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c31d06184f827f92021-12-21 11:23:29.944root 11241100x8000000000000000524703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee18bcdb5b05ec32021-12-21 11:23:29.945root 11241100x8000000000000000524704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea83616117a0582021-12-21 11:23:30.443root 11241100x8000000000000000524705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77e861fcaa5cd992021-12-21 11:23:30.443root 11241100x8000000000000000524706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d4179e7d73be482021-12-21 11:23:30.443root 11241100x8000000000000000524707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ba3ffbb82df3f2021-12-21 11:23:30.443root 11241100x8000000000000000524708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dafecd0e546d79f2021-12-21 11:23:30.444root 11241100x8000000000000000524709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f35186c9c5e75f2021-12-21 11:23:30.444root 11241100x8000000000000000524710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc8030b7ce762e22021-12-21 11:23:30.444root 11241100x8000000000000000524711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8443a712c14af3a82021-12-21 11:23:30.444root 11241100x8000000000000000524712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79177ee3d6c95d582021-12-21 11:23:30.444root 11241100x8000000000000000524713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96913bdf30115a22021-12-21 11:23:30.444root 11241100x8000000000000000524714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f020a0ae1e7ad1c52021-12-21 11:23:30.444root 11241100x8000000000000000524715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850f5f1593b4803b2021-12-21 11:23:30.444root 11241100x8000000000000000524716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e508306b5b2dbe32021-12-21 11:23:30.444root 11241100x8000000000000000524717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104bbb62bb8e81312021-12-21 11:23:30.444root 11241100x8000000000000000524718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9fa43949305aaf2021-12-21 11:23:30.444root 11241100x8000000000000000524719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b15a2901afa4182021-12-21 11:23:30.444root 11241100x8000000000000000524720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256abbae1c565d482021-12-21 11:23:30.444root 11241100x8000000000000000524721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b805cbd08805aa6b2021-12-21 11:23:30.444root 11241100x8000000000000000524722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb02be4ba3fc4aa2021-12-21 11:23:30.444root 11241100x8000000000000000524723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e186f5fc228b636a2021-12-21 11:23:30.445root 11241100x8000000000000000524724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c176eb8a55aafd2021-12-21 11:23:30.445root 11241100x8000000000000000524725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b515e39080b31b942021-12-21 11:23:30.943root 11241100x8000000000000000524726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3684bf5ae8c476222021-12-21 11:23:30.943root 11241100x8000000000000000524727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5588b92e167064a82021-12-21 11:23:30.943root 11241100x8000000000000000524728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c260d361f61aeff02021-12-21 11:23:30.943root 11241100x8000000000000000524729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e333c6429de90f42021-12-21 11:23:30.944root 11241100x8000000000000000524730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3772d9912fddd92021-12-21 11:23:30.944root 11241100x8000000000000000524731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076db8f0728797c02021-12-21 11:23:30.944root 11241100x8000000000000000524732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddc627541768e992021-12-21 11:23:30.944root 11241100x8000000000000000524733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a76d15a1a5e43f2021-12-21 11:23:30.944root 11241100x8000000000000000524734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83beafb3f9874f102021-12-21 11:23:30.944root 11241100x8000000000000000524735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f8a9b2ae92f7542021-12-21 11:23:30.944root 11241100x8000000000000000524736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bb833fe74f9f842021-12-21 11:23:30.944root 11241100x8000000000000000524737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f583ff6ef37dbc2021-12-21 11:23:30.944root 11241100x8000000000000000524738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8b49b3f59ced7e2021-12-21 11:23:30.944root 11241100x8000000000000000524739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a227cdbb22ea732021-12-21 11:23:30.944root 11241100x8000000000000000524740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400be87801a604862021-12-21 11:23:30.944root 11241100x8000000000000000524741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9426ef37a4f084e2021-12-21 11:23:30.944root 11241100x8000000000000000524742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9753781012df63292021-12-21 11:23:30.945root 11241100x8000000000000000524743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fed225c42f6a712021-12-21 11:23:30.945root 11241100x8000000000000000524744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef21af5738f28092021-12-21 11:23:30.945root 11241100x8000000000000000524745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388085db827d4b7f2021-12-21 11:23:30.945root 11241100x8000000000000000524746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9097554762c4bf722021-12-21 11:23:31.443root 11241100x8000000000000000524747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95a42aeb6638cbc2021-12-21 11:23:31.443root 11241100x8000000000000000524748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476cc7f8e62925242021-12-21 11:23:31.443root 11241100x8000000000000000524749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1453cfd00752111a2021-12-21 11:23:31.443root 11241100x8000000000000000524750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d8e547a3bdb8b62021-12-21 11:23:31.444root 11241100x8000000000000000524751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3b1d12e5f880f02021-12-21 11:23:31.444root 11241100x8000000000000000524752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d364488b89feddd2021-12-21 11:23:31.444root 11241100x8000000000000000524753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e771701e98050b7f2021-12-21 11:23:31.444root 11241100x8000000000000000524754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a846e8caa033c22021-12-21 11:23:31.444root 11241100x8000000000000000524755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3424a16a4eb7f7742021-12-21 11:23:31.444root 11241100x8000000000000000524756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f469eaa3369a68ad2021-12-21 11:23:31.444root 11241100x8000000000000000524757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed45ab7f052eb7a2021-12-21 11:23:31.444root 11241100x8000000000000000524758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7297a41feb29fd2021-12-21 11:23:31.445root 11241100x8000000000000000524759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dc0f9c95ab5bc82021-12-21 11:23:31.445root 11241100x8000000000000000524760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554150a35ff9c4602021-12-21 11:23:31.445root 11241100x8000000000000000524761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c4e912d45575cc2021-12-21 11:23:31.445root 11241100x8000000000000000524762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f655f53c07e1e7292021-12-21 11:23:31.445root 11241100x8000000000000000524763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b84bbe800c59ad2021-12-21 11:23:31.445root 11241100x8000000000000000524764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1c4113183b6a012021-12-21 11:23:31.445root 11241100x8000000000000000524765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026d702897b678432021-12-21 11:23:31.445root 11241100x8000000000000000524766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67672c6e3ec06e5a2021-12-21 11:23:31.445root 11241100x8000000000000000524767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb10d6331db1a8d82021-12-21 11:23:31.943root 11241100x8000000000000000524768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c99937b839abbd2021-12-21 11:23:31.943root 11241100x8000000000000000524769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935b0a1e59031a312021-12-21 11:23:31.943root 11241100x8000000000000000524770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b8fe74f5934ee42021-12-21 11:23:31.943root 11241100x8000000000000000524771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0bf777aa9fde402021-12-21 11:23:31.943root 11241100x8000000000000000524772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b87d0c27a1999e2021-12-21 11:23:31.943root 11241100x8000000000000000524773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06753516a7bbec162021-12-21 11:23:31.944root 11241100x8000000000000000524774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c4aecff6571aaf2021-12-21 11:23:31.944root 11241100x8000000000000000524775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51239414a32974c2021-12-21 11:23:31.944root 11241100x8000000000000000524776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a62bc199207bf4a2021-12-21 11:23:31.944root 11241100x8000000000000000524777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5790d50bf978c652021-12-21 11:23:31.944root 11241100x8000000000000000524778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd12a72a2ca8832021-12-21 11:23:31.944root 11241100x8000000000000000524779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752afdb3943f60a82021-12-21 11:23:31.944root 11241100x8000000000000000524780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6c747fac8035cc2021-12-21 11:23:31.944root 11241100x8000000000000000524781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff762d4b8ea3df42021-12-21 11:23:31.944root 11241100x8000000000000000524782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f7a3f2d9079592021-12-21 11:23:31.944root 11241100x8000000000000000524783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8b7c4fea4f081f2021-12-21 11:23:31.944root 11241100x8000000000000000524784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a754ee78deabb992021-12-21 11:23:31.945root 11241100x8000000000000000524785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7a97a534d0c1382021-12-21 11:23:31.945root 11241100x8000000000000000524786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca4eba47384e69b2021-12-21 11:23:31.945root 11241100x8000000000000000524787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d7579acb1a1b022021-12-21 11:23:31.945root 11241100x8000000000000000524788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3341cebb2c2733c2021-12-21 11:23:31.945root 354300x8000000000000000524789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.242{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48472-false10.0.1.12-8000- 11241100x8000000000000000524790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68b61bfb2c49cda2021-12-21 11:23:32.244root 11241100x8000000000000000524791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8930fc916f27527f2021-12-21 11:23:32.244root 11241100x8000000000000000524792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadbdc2c0921cef82021-12-21 11:23:32.244root 11241100x8000000000000000524793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cacf4b73b303fa52021-12-21 11:23:32.244root 11241100x8000000000000000524794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060241ee07bd854c2021-12-21 11:23:32.245root 11241100x8000000000000000524795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011712010cee954d2021-12-21 11:23:32.245root 11241100x8000000000000000524796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b0d2999389ff222021-12-21 11:23:32.245root 11241100x8000000000000000524797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9c26c3719ad2582021-12-21 11:23:32.245root 11241100x8000000000000000524798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69cd397081314482021-12-21 11:23:32.245root 11241100x8000000000000000524799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8818bb9aec6fe2021-12-21 11:23:32.245root 11241100x8000000000000000524800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fb3a845c5bc2142021-12-21 11:23:32.245root 11241100x8000000000000000524801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd48f13be92e6f42021-12-21 11:23:32.245root 11241100x8000000000000000524802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12544a68bd8a8c012021-12-21 11:23:32.245root 11241100x8000000000000000524803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49b3718477914682021-12-21 11:23:32.246root 11241100x8000000000000000524804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e61f4bbba9711b2021-12-21 11:23:32.246root 11241100x8000000000000000524805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25e98c3be75ae5c2021-12-21 11:23:32.246root 11241100x8000000000000000524806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388a1f45195af9fd2021-12-21 11:23:32.246root 11241100x8000000000000000524807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cefc717e0ea87dc2021-12-21 11:23:32.246root 11241100x8000000000000000524808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c2ec99575f7ddd2021-12-21 11:23:32.246root 11241100x8000000000000000524809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235dfa02e264d2b82021-12-21 11:23:32.246root 11241100x8000000000000000524810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567508989dfac66f2021-12-21 11:23:32.246root 11241100x8000000000000000524811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f7cf7b2d4cc4d72021-12-21 11:23:32.246root 11241100x8000000000000000524812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bd255ffea2ce992021-12-21 11:23:32.693root 11241100x8000000000000000524813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89c7fd0de0390722021-12-21 11:23:32.693root 11241100x8000000000000000524814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4d01b3474209f32021-12-21 11:23:32.693root 11241100x8000000000000000524815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c03ee430ff233632021-12-21 11:23:32.694root 11241100x8000000000000000524816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c454ac196b3b60ae2021-12-21 11:23:32.694root 11241100x8000000000000000524817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a126a5501c2e3eef2021-12-21 11:23:32.694root 11241100x8000000000000000524818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633e7e1a08b5faaf2021-12-21 11:23:32.694root 11241100x8000000000000000524819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debc7216c432a2ec2021-12-21 11:23:32.694root 11241100x8000000000000000524820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aacca39bfff7d182021-12-21 11:23:32.694root 11241100x8000000000000000524821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632e0146d00735572021-12-21 11:23:32.694root 11241100x8000000000000000524822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170cb1740653941f2021-12-21 11:23:32.694root 11241100x8000000000000000524823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71180392eb285d92021-12-21 11:23:32.694root 11241100x8000000000000000524824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c6834ebd25c97a2021-12-21 11:23:32.694root 11241100x8000000000000000524825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3ed1f38eb6ea5d2021-12-21 11:23:32.694root 11241100x8000000000000000524826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90498bec0867d072021-12-21 11:23:32.694root 11241100x8000000000000000524827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228651f99dd607dc2021-12-21 11:23:32.695root 11241100x8000000000000000524828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e96c820ff1ea4912021-12-21 11:23:32.695root 11241100x8000000000000000524829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5db53cfcad4566e2021-12-21 11:23:32.695root 11241100x8000000000000000524830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5757e88fc65cf22021-12-21 11:23:32.695root 11241100x8000000000000000524831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750e4ed5042dfb062021-12-21 11:23:32.695root 11241100x8000000000000000524832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae1e73017ed01892021-12-21 11:23:32.695root 11241100x8000000000000000524833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb34e1e996d00702021-12-21 11:23:32.695root 11241100x8000000000000000524834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810e3301674c53982021-12-21 11:23:33.193root 11241100x8000000000000000524835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec1dd54ba113db2021-12-21 11:23:33.193root 11241100x8000000000000000524836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1a09864260c1922021-12-21 11:23:33.193root 11241100x8000000000000000524837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279f4e17693b484f2021-12-21 11:23:33.194root 11241100x8000000000000000524838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8f397f90bc2e622021-12-21 11:23:33.194root 11241100x8000000000000000524839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9a547e79394c1c2021-12-21 11:23:33.194root 11241100x8000000000000000524840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cdcd1536e7404e2021-12-21 11:23:33.194root 11241100x8000000000000000524841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641f9d4594c2de6d2021-12-21 11:23:33.194root 11241100x8000000000000000524842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7673ddc81db3fdcc2021-12-21 11:23:33.194root 11241100x8000000000000000524843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f587484654efc92021-12-21 11:23:33.194root 11241100x8000000000000000524844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d69e041bfe456c2021-12-21 11:23:33.194root 11241100x8000000000000000524845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d919241452cd3cc32021-12-21 11:23:33.194root 11241100x8000000000000000524846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9eea76bc71365e2021-12-21 11:23:33.194root 11241100x8000000000000000524847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5646516ed053382021-12-21 11:23:33.194root 11241100x8000000000000000524848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94d8a9d9e6d01482021-12-21 11:23:33.194root 11241100x8000000000000000524849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fb1445577ebb5d2021-12-21 11:23:33.195root 11241100x8000000000000000524850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbabf68697ad90642021-12-21 11:23:33.195root 11241100x8000000000000000524851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da6a4ceaad2b4062021-12-21 11:23:33.195root 11241100x8000000000000000524852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c952aa298a9789c82021-12-21 11:23:33.195root 11241100x8000000000000000524853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447770c0ec48e70e2021-12-21 11:23:33.195root 11241100x8000000000000000524854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628448c20605fdbb2021-12-21 11:23:33.195root 11241100x8000000000000000524855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68262445c088fe1d2021-12-21 11:23:33.195root 11241100x8000000000000000524856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a13cf02779ea102021-12-21 11:23:33.693root 11241100x8000000000000000524857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b92436f96c49df2021-12-21 11:23:33.693root 11241100x8000000000000000524858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb56fa684a370c2021-12-21 11:23:33.693root 11241100x8000000000000000524859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49fc7f32082ae8f2021-12-21 11:23:33.693root 11241100x8000000000000000524860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917cf3a2692618fe2021-12-21 11:23:33.694root 11241100x8000000000000000524861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fc10b27de2253e2021-12-21 11:23:33.694root 11241100x8000000000000000524862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613714f6447467c62021-12-21 11:23:33.694root 11241100x8000000000000000524863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2426b2d9d65338f2021-12-21 11:23:33.694root 11241100x8000000000000000524864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01da29366548d2bc2021-12-21 11:23:33.694root 11241100x8000000000000000524865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bc21b6c2b1a5692021-12-21 11:23:33.694root 11241100x8000000000000000524866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e68783a023ebb02021-12-21 11:23:33.694root 11241100x8000000000000000524867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403f94421d43e3f62021-12-21 11:23:33.694root 11241100x8000000000000000524868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9c9e287457ad5f2021-12-21 11:23:33.694root 11241100x8000000000000000524869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daa968983bafc232021-12-21 11:23:33.694root 11241100x8000000000000000524870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e2b008839be2a2021-12-21 11:23:33.694root 11241100x8000000000000000524871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f365fe5844a99952021-12-21 11:23:33.695root 11241100x8000000000000000524872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff1f56c9445fa42021-12-21 11:23:33.695root 11241100x8000000000000000524873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe19fb2fddefa8572021-12-21 11:23:33.695root 11241100x8000000000000000524874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071f11870e31f352021-12-21 11:23:33.695root 11241100x8000000000000000524875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d646c2a91ef13ab2021-12-21 11:23:33.695root 11241100x8000000000000000524876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6345017a7865bd1a2021-12-21 11:23:33.695root 11241100x8000000000000000524877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d518eecfa8c749c72021-12-21 11:23:33.695root 11241100x8000000000000000524878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3bc83f8b304f822021-12-21 11:23:34.193root 11241100x8000000000000000524879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4c525ed664e1902021-12-21 11:23:34.193root 11241100x8000000000000000524880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f6e06da0595a852021-12-21 11:23:34.193root 11241100x8000000000000000524881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9477aa7adc92ab2021-12-21 11:23:34.193root 11241100x8000000000000000524882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bd9086eff4b4902021-12-21 11:23:34.193root 11241100x8000000000000000524883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24699641f8c3ae32021-12-21 11:23:34.193root 11241100x8000000000000000524884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b63b93e6071268d2021-12-21 11:23:34.193root 11241100x8000000000000000524885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e638eebdc404aa22021-12-21 11:23:34.193root 11241100x8000000000000000524886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d242a0bafeeeb9132021-12-21 11:23:34.193root 11241100x8000000000000000524887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835b25da0ca15db82021-12-21 11:23:34.194root 11241100x8000000000000000524888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ba85785632aef72021-12-21 11:23:34.194root 11241100x8000000000000000524889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75633a64d7cff2d2021-12-21 11:23:34.194root 11241100x8000000000000000524890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fc1f12792a3b3c2021-12-21 11:23:34.194root 11241100x8000000000000000524891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13f79c0d1d112212021-12-21 11:23:34.194root 11241100x8000000000000000524892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4336f5023299144c2021-12-21 11:23:34.194root 11241100x8000000000000000524893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34bf1975ab0de562021-12-21 11:23:34.194root 11241100x8000000000000000524894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cbee457196dc452021-12-21 11:23:34.194root 11241100x8000000000000000524895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a624188d46d801582021-12-21 11:23:34.194root 11241100x8000000000000000524896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe3267aacef9322021-12-21 11:23:34.194root 11241100x8000000000000000524897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66857de9dc594ac52021-12-21 11:23:34.195root 11241100x8000000000000000524898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa75ef03989a9622021-12-21 11:23:34.195root 11241100x8000000000000000524899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190a686ee29ee63b2021-12-21 11:23:34.195root 11241100x8000000000000000524900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5594402ddcaa562021-12-21 11:23:34.195root 11241100x8000000000000000524901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ccb7d1ade80ec82021-12-21 11:23:34.693root 11241100x8000000000000000524902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab21668c3ab0c3f62021-12-21 11:23:34.693root 11241100x8000000000000000524903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eb48b4fa3ee7c62021-12-21 11:23:34.693root 11241100x8000000000000000524904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620727d64cbebfd72021-12-21 11:23:34.694root 11241100x8000000000000000524905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462cf21d6f93edc92021-12-21 11:23:34.694root 11241100x8000000000000000524906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701cf5403026574c2021-12-21 11:23:34.694root 11241100x8000000000000000524907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9addf86209b5d3e2021-12-21 11:23:34.694root 11241100x8000000000000000524908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02b69048c15bdcb2021-12-21 11:23:34.694root 11241100x8000000000000000524909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954fc823ef6381a32021-12-21 11:23:34.694root 11241100x8000000000000000524910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600030b3720c12192021-12-21 11:23:34.694root 11241100x8000000000000000524911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018c99540806ced42021-12-21 11:23:34.694root 11241100x8000000000000000524912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a375547eb5ebc1892021-12-21 11:23:34.694root 11241100x8000000000000000524913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7337cbac39401f2021-12-21 11:23:34.694root 11241100x8000000000000000524914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11c5bcffdaf41142021-12-21 11:23:34.695root 11241100x8000000000000000524915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3ddf2db658ddb32021-12-21 11:23:34.695root 11241100x8000000000000000524916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2673c9497dcea38c2021-12-21 11:23:34.695root 11241100x8000000000000000524917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add10d52eee8019d2021-12-21 11:23:34.695root 11241100x8000000000000000524918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d60319b1ce0c21c2021-12-21 11:23:34.695root 11241100x8000000000000000524919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35823f48df87bff22021-12-21 11:23:34.695root 11241100x8000000000000000524920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc5ec109ba6e49d2021-12-21 11:23:34.695root 11241100x8000000000000000524921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d0b4b6364aaef2021-12-21 11:23:34.695root 11241100x8000000000000000524922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9095a1fc28ffaa12021-12-21 11:23:34.695root 11241100x8000000000000000524923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e04ccc9014a342021-12-21 11:23:35.193root 11241100x8000000000000000524924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59dc0dafcccdc9e2021-12-21 11:23:35.193root 11241100x8000000000000000524925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853bd42b84d53802021-12-21 11:23:35.194root 11241100x8000000000000000524926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa969e34996ad142021-12-21 11:23:35.194root 11241100x8000000000000000524927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58f15a11e5e8ef02021-12-21 11:23:35.194root 11241100x8000000000000000524928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acddc5b2537884552021-12-21 11:23:35.194root 11241100x8000000000000000524929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dda48a922d1cc362021-12-21 11:23:35.194root 11241100x8000000000000000524930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa01132b121068e2021-12-21 11:23:35.195root 11241100x8000000000000000524931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed4c20772216fd52021-12-21 11:23:35.195root 11241100x8000000000000000524932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d166544a768a75b2021-12-21 11:23:35.195root 11241100x8000000000000000524933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a610e2f04a5ba6db2021-12-21 11:23:35.195root 11241100x8000000000000000524934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b79354bb711f8c72021-12-21 11:23:35.195root 11241100x8000000000000000524935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e06e62fe3e50a702021-12-21 11:23:35.195root 11241100x8000000000000000524936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a097a1ae6c4021272021-12-21 11:23:35.195root 11241100x8000000000000000524937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60ae9259990c2242021-12-21 11:23:35.195root 11241100x8000000000000000524938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd41de308c83ee2021-12-21 11:23:35.195root 11241100x8000000000000000524939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34eb0f884ff36d992021-12-21 11:23:35.195root 11241100x8000000000000000524940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9603d9d6ac41ec72021-12-21 11:23:35.195root 11241100x8000000000000000524941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7c4d5d946d530b2021-12-21 11:23:35.195root 11241100x8000000000000000524942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2379c983a1242b92021-12-21 11:23:35.196root 11241100x8000000000000000524943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ed72168621d9532021-12-21 11:23:35.196root 11241100x8000000000000000524944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f488c1553d71a6e2021-12-21 11:23:35.196root 11241100x8000000000000000524945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba779520acc3c4db2021-12-21 11:23:35.693root 11241100x8000000000000000524946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58bb92fcbe08ebb2021-12-21 11:23:35.693root 11241100x8000000000000000524947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c32fd3f582f35b02021-12-21 11:23:35.693root 11241100x8000000000000000524948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b09cc91af1e9e2021-12-21 11:23:35.694root 11241100x8000000000000000524949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bba73c733d8ee572021-12-21 11:23:35.694root 11241100x8000000000000000524950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f28202cadbc5c9f2021-12-21 11:23:35.694root 11241100x8000000000000000524951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55156f17cf5cc2a52021-12-21 11:23:35.694root 11241100x8000000000000000524952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d102100a2c3321ac2021-12-21 11:23:35.694root 11241100x8000000000000000524953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe40324431eff2e32021-12-21 11:23:35.694root 11241100x8000000000000000524954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400289e5c683344f2021-12-21 11:23:35.694root 11241100x8000000000000000524955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c56b1d21dd9e8e2021-12-21 11:23:35.695root 11241100x8000000000000000524956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f8cd1607c33da12021-12-21 11:23:35.695root 11241100x8000000000000000524957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e8f3501a14877b2021-12-21 11:23:35.695root 11241100x8000000000000000524958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a023c456df3b8de2021-12-21 11:23:35.695root 11241100x8000000000000000524959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ac350eb46403af2021-12-21 11:23:35.695root 11241100x8000000000000000524960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda905c52350370c2021-12-21 11:23:35.695root 11241100x8000000000000000524961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301f77b0ddc4c80f2021-12-21 11:23:35.695root 11241100x8000000000000000524962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff36a1497fb8da82021-12-21 11:23:35.695root 11241100x8000000000000000524963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff65434ca14a64fd2021-12-21 11:23:35.695root 11241100x8000000000000000524964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbc77da56c2cd0e2021-12-21 11:23:35.696root 11241100x8000000000000000524965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf8fa30aa36b2782021-12-21 11:23:35.696root 11241100x8000000000000000524966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f77c95b40460662021-12-21 11:23:35.696root 11241100x8000000000000000524967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a9f72c3fb89722021-12-21 11:23:36.193root 11241100x8000000000000000524968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301337f308b8e3842021-12-21 11:23:36.193root 11241100x8000000000000000524969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accc07298b060c092021-12-21 11:23:36.193root 11241100x8000000000000000524970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78803da769423e82021-12-21 11:23:36.193root 11241100x8000000000000000524971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab1efebfd9d46ac2021-12-21 11:23:36.193root 11241100x8000000000000000524972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4f7b6b063ad5af2021-12-21 11:23:36.193root 11241100x8000000000000000524973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3188ec4c9d583b82021-12-21 11:23:36.194root 11241100x8000000000000000524974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e231b42cdbcf72752021-12-21 11:23:36.194root 11241100x8000000000000000524975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5c260c29f719c82021-12-21 11:23:36.194root 11241100x8000000000000000524976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76df57c047ef545e2021-12-21 11:23:36.194root 11241100x8000000000000000524977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d617abec63352bd2021-12-21 11:23:36.194root 11241100x8000000000000000524978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6859e6432087ad602021-12-21 11:23:36.194root 11241100x8000000000000000524979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba62886c61e35e8b2021-12-21 11:23:36.194root 11241100x8000000000000000524980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acd64d30673186a2021-12-21 11:23:36.194root 11241100x8000000000000000524981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fb5c3a0f2dd8072021-12-21 11:23:36.194root 11241100x8000000000000000524982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9e2ade28d393d62021-12-21 11:23:36.194root 11241100x8000000000000000524983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e117c7a89d659b2021-12-21 11:23:36.194root 11241100x8000000000000000524984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c53f5dd890d14bb2021-12-21 11:23:36.194root 11241100x8000000000000000524985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0227bfdb7ab8839b2021-12-21 11:23:36.195root 11241100x8000000000000000524986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49ac3039e1b7c42021-12-21 11:23:36.195root 11241100x8000000000000000524987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a448e3d9620a882021-12-21 11:23:36.195root 11241100x8000000000000000524988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c21a48fe15d661d2021-12-21 11:23:36.195root 11241100x8000000000000000524989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3c08397908ee122021-12-21 11:23:36.195root 11241100x8000000000000000524990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:23:36.329root 11241100x8000000000000000524991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0cfb7e17d7b3922021-12-21 11:23:36.693root 11241100x8000000000000000524992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5cedbd7e1e91222021-12-21 11:23:36.693root 11241100x8000000000000000524993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6254da309b08e5212021-12-21 11:23:36.693root 11241100x8000000000000000524994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbbd22d86df93562021-12-21 11:23:36.693root 11241100x8000000000000000524995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02ea157ce4e77182021-12-21 11:23:36.693root 11241100x8000000000000000524996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e64ce571fa774b2021-12-21 11:23:36.693root 11241100x8000000000000000524997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f6521e87f827a62021-12-21 11:23:36.694root 11241100x8000000000000000524998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1d702ed6ed4d9e2021-12-21 11:23:36.694root 11241100x8000000000000000524999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33d6bb7264b52022021-12-21 11:23:36.694root 11241100x8000000000000000525000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a525429dc5b16202021-12-21 11:23:36.694root 11241100x8000000000000000525001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166223f73f669ffd2021-12-21 11:23:36.694root 11241100x8000000000000000525002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c3978afc3c7c342021-12-21 11:23:36.694root 11241100x8000000000000000525003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eddd81ac2811a42021-12-21 11:23:36.694root 11241100x8000000000000000525004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752b2c82defb68212021-12-21 11:23:36.695root 11241100x8000000000000000525005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e82dc94c518e992021-12-21 11:23:36.695root 11241100x8000000000000000525006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f09c58df73b3fa2021-12-21 11:23:36.695root 11241100x8000000000000000525007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db92b0e115dd1de12021-12-21 11:23:36.695root 11241100x8000000000000000525008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332d3659f5dc2a622021-12-21 11:23:36.695root 11241100x8000000000000000525009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a53f7fbedd3ee652021-12-21 11:23:36.695root 11241100x8000000000000000525010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e55975ff667b32021-12-21 11:23:36.695root 11241100x8000000000000000525011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844b0b290422018e2021-12-21 11:23:36.695root 11241100x8000000000000000525012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de99b15810d6eba22021-12-21 11:23:36.695root 11241100x8000000000000000525013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01238be9474c4ca12021-12-21 11:23:36.696root 11241100x8000000000000000525014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b4ecfe9c3c831a2021-12-21 11:23:36.696root 11241100x8000000000000000525015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abe22f005475a642021-12-21 11:23:37.193root 11241100x8000000000000000525016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d581159daff8f6822021-12-21 11:23:37.193root 11241100x8000000000000000525017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd26a6ff439143c62021-12-21 11:23:37.194root 11241100x8000000000000000525018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4380a7f6e017d22021-12-21 11:23:37.194root 11241100x8000000000000000525019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d9f02a43bf234b2021-12-21 11:23:37.194root 11241100x8000000000000000525020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd43b8cad5dbf852021-12-21 11:23:37.195root 11241100x8000000000000000525021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56494bc054bef8b92021-12-21 11:23:37.195root 11241100x8000000000000000525022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92975494865767b92021-12-21 11:23:37.195root 11241100x8000000000000000525023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da00a1adfaea68162021-12-21 11:23:37.195root 11241100x8000000000000000525024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9126a8e7265e3a7f2021-12-21 11:23:37.196root 11241100x8000000000000000525025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba6c2c297dbb9332021-12-21 11:23:37.196root 11241100x8000000000000000525026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7ddd117a3806e32021-12-21 11:23:37.196root 11241100x8000000000000000525027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7518a26d570a32021-12-21 11:23:37.196root 11241100x8000000000000000525028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd29d38d60666b72021-12-21 11:23:37.196root 11241100x8000000000000000525029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d91418f2e8583b2021-12-21 11:23:37.196root 11241100x8000000000000000525030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29076e49ea15bb12021-12-21 11:23:37.196root 11241100x8000000000000000525031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434e3f7a33478e232021-12-21 11:23:37.196root 11241100x8000000000000000525032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0448666b10e31a32021-12-21 11:23:37.196root 11241100x8000000000000000525033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36baa1215aef23b52021-12-21 11:23:37.197root 11241100x8000000000000000525034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ebeb5898b4843c2021-12-21 11:23:37.197root 11241100x8000000000000000525035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94be8b1badbc9ff2021-12-21 11:23:37.197root 11241100x8000000000000000525036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fb4b2918b02c2c2021-12-21 11:23:37.197root 11241100x8000000000000000525037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e309c983c123ab2021-12-21 11:23:37.197root 11241100x8000000000000000525038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eec90083f8244e02021-12-21 11:23:37.693root 11241100x8000000000000000525039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1f0756b84581fd2021-12-21 11:23:37.693root 11241100x8000000000000000525040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d8879ac59caed72021-12-21 11:23:37.694root 11241100x8000000000000000525041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e51af419b4accb2021-12-21 11:23:37.694root 11241100x8000000000000000525042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709d8142d46768702021-12-21 11:23:37.694root 11241100x8000000000000000525043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8d50e5235d05352021-12-21 11:23:37.694root 11241100x8000000000000000525044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16826060bb2c1e552021-12-21 11:23:37.694root 11241100x8000000000000000525045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2c47b00f1bd35f2021-12-21 11:23:37.694root 11241100x8000000000000000525046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d27daa35b471512021-12-21 11:23:37.694root 11241100x8000000000000000525047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bb1bc28cd9bd1f2021-12-21 11:23:37.695root 11241100x8000000000000000525048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4561405ad3c6572021-12-21 11:23:37.695root 11241100x8000000000000000525049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3214b3c26012e7442021-12-21 11:23:37.695root 11241100x8000000000000000525050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dec541eb0636b32021-12-21 11:23:37.696root 11241100x8000000000000000525051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0309462c248eb662021-12-21 11:23:37.696root 11241100x8000000000000000525052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c49e9227975fb9d2021-12-21 11:23:37.696root 11241100x8000000000000000525053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74d5b77265515612021-12-21 11:23:37.696root 11241100x8000000000000000525054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8501710c91504322021-12-21 11:23:37.696root 11241100x8000000000000000525055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bacd055dba080902021-12-21 11:23:37.696root 11241100x8000000000000000525056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c78d9b0e0e2f5ae2021-12-21 11:23:37.696root 11241100x8000000000000000525057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7271b72890d6c79a2021-12-21 11:23:37.696root 11241100x8000000000000000525058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b1126e90911be22021-12-21 11:23:37.696root 11241100x8000000000000000525059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3984e73d6c0cb92021-12-21 11:23:37.696root 11241100x8000000000000000525060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7567cdb0052412b72021-12-21 11:23:37.697root 11241100x8000000000000000525061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4bdd16718b521e2021-12-21 11:23:38.193root 11241100x8000000000000000525062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a072aa1e24625b62021-12-21 11:23:38.193root 11241100x8000000000000000525063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bc95bea65c17262021-12-21 11:23:38.194root 11241100x8000000000000000525064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f17bb676eb565bc2021-12-21 11:23:38.194root 11241100x8000000000000000525065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccdb659745a93da2021-12-21 11:23:38.194root 11241100x8000000000000000525066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370b51ff0fe3c5aa2021-12-21 11:23:38.194root 11241100x8000000000000000525067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ace16fbead471532021-12-21 11:23:38.194root 11241100x8000000000000000525068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf57795c044d45b2021-12-21 11:23:38.195root 11241100x8000000000000000525069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb85c610729c7262021-12-21 11:23:38.195root 11241100x8000000000000000525070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fabc4e237459c42021-12-21 11:23:38.195root 11241100x8000000000000000525071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f1307691518bd62021-12-21 11:23:38.196root 11241100x8000000000000000525072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f8a608bd19b0402021-12-21 11:23:38.196root 11241100x8000000000000000525073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608f36f74255f8312021-12-21 11:23:38.196root 11241100x8000000000000000525074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200f4969af56bfff2021-12-21 11:23:38.196root 11241100x8000000000000000525075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6991cb6a865f2732021-12-21 11:23:38.197root 11241100x8000000000000000525076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a7c9459815461d2021-12-21 11:23:38.197root 11241100x8000000000000000525077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39937d488f8231f62021-12-21 11:23:38.197root 11241100x8000000000000000525078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdba58ac4829189c2021-12-21 11:23:38.197root 11241100x8000000000000000525079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655a537e7c7e13ef2021-12-21 11:23:38.197root 11241100x8000000000000000525080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d9da9e331c7ee32021-12-21 11:23:38.198root 11241100x8000000000000000525081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3d66e2e33678712021-12-21 11:23:38.198root 11241100x8000000000000000525082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4d59a827410e5d2021-12-21 11:23:38.199root 11241100x8000000000000000525083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ad8099a1548caf2021-12-21 11:23:38.200root 11241100x8000000000000000525084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7130e3a309de0952021-12-21 11:23:38.200root 11241100x8000000000000000525085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29482a4a19f82c842021-12-21 11:23:38.201root 354300x8000000000000000525086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.211{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48474-false10.0.1.12-8000- 11241100x8000000000000000525087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de0d16cb11f21c12021-12-21 11:23:38.693root 11241100x8000000000000000525088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f861389c45439f882021-12-21 11:23:38.693root 11241100x8000000000000000525089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27e17b346d99c542021-12-21 11:23:38.693root 11241100x8000000000000000525090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654c0c73ad5aebd92021-12-21 11:23:38.693root 11241100x8000000000000000525091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc802634cf6dab5a2021-12-21 11:23:38.693root 11241100x8000000000000000525092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e7e16036fbf402021-12-21 11:23:38.694root 11241100x8000000000000000525093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edccc053c0295612021-12-21 11:23:38.694root 11241100x8000000000000000525094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be17756966c965372021-12-21 11:23:38.694root 11241100x8000000000000000525095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43331841518e62072021-12-21 11:23:38.694root 11241100x8000000000000000525096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9725a105b357d50b2021-12-21 11:23:38.694root 11241100x8000000000000000525097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845ff34f179135e22021-12-21 11:23:38.694root 11241100x8000000000000000525098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5352be537fed8512021-12-21 11:23:38.694root 11241100x8000000000000000525099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17680c4d927351262021-12-21 11:23:38.694root 11241100x8000000000000000525100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ad9ab45533964b2021-12-21 11:23:38.695root 11241100x8000000000000000525101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0230e8211a0c1dc22021-12-21 11:23:38.695root 11241100x8000000000000000525102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d9ef7882da8fb82021-12-21 11:23:38.695root 11241100x8000000000000000525103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4fe81edc7f08072021-12-21 11:23:38.695root 11241100x8000000000000000525104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573e46feea4cfe732021-12-21 11:23:38.695root 11241100x8000000000000000525105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e9426a72064c482021-12-21 11:23:38.695root 11241100x8000000000000000525106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ac2cebc7392ac32021-12-21 11:23:38.695root 11241100x8000000000000000525107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b196699663b3c3fe2021-12-21 11:23:38.695root 11241100x8000000000000000525108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcab2f05082d4602021-12-21 11:23:38.695root 11241100x8000000000000000525109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077e694e116036692021-12-21 11:23:38.696root 11241100x8000000000000000525110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0727ad73be8a478c2021-12-21 11:23:38.696root 11241100x8000000000000000525111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2264d387d8a9bdcf2021-12-21 11:23:38.696root 11241100x8000000000000000525112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac6e19c360de01d2021-12-21 11:23:39.193root 11241100x8000000000000000525113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129c444cddef74762021-12-21 11:23:39.193root 11241100x8000000000000000525114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f08ca35f91529b2021-12-21 11:23:39.194root 11241100x8000000000000000525115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b7e071f66955952021-12-21 11:23:39.194root 11241100x8000000000000000525116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e871e5ac9c66e0c2021-12-21 11:23:39.194root 11241100x8000000000000000525117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8778b429fa8be5ff2021-12-21 11:23:39.194root 11241100x8000000000000000525118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d673aa9094020cdf2021-12-21 11:23:39.194root 11241100x8000000000000000525119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d55b2b9c09897f2021-12-21 11:23:39.194root 11241100x8000000000000000525120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be1767c8bd6bace2021-12-21 11:23:39.194root 11241100x8000000000000000525121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53f73edd2e428902021-12-21 11:23:39.194root 11241100x8000000000000000525122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70e26be6270edab2021-12-21 11:23:39.194root 11241100x8000000000000000525123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3731ab60ce2388e52021-12-21 11:23:39.194root 11241100x8000000000000000525124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581eb3a392593452021-12-21 11:23:39.195root 11241100x8000000000000000525125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a6cd40a95ff99f2021-12-21 11:23:39.195root 11241100x8000000000000000525126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1300faf314bfee662021-12-21 11:23:39.195root 11241100x8000000000000000525127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6529668c40929ba12021-12-21 11:23:39.195root 11241100x8000000000000000525128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80316ef2b7fee24c2021-12-21 11:23:39.195root 11241100x8000000000000000525129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f034be204f509e5a2021-12-21 11:23:39.196root 11241100x8000000000000000525130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550ce8910d65f6042021-12-21 11:23:39.196root 11241100x8000000000000000525131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc67b42e3ea50fc42021-12-21 11:23:39.196root 11241100x8000000000000000525132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3883e7ec7f526a72021-12-21 11:23:39.196root 11241100x8000000000000000525133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e810339ede92894f2021-12-21 11:23:39.196root 11241100x8000000000000000525134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab24cb9c037cf85b2021-12-21 11:23:39.196root 11241100x8000000000000000525135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e707980df168e8e32021-12-21 11:23:39.196root 23542300x8000000000000000525136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.331{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000525137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2be9cfed1aa11e2021-12-21 11:23:39.693root 11241100x8000000000000000525138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe62fafae102e072021-12-21 11:23:39.693root 11241100x8000000000000000525139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c39a8e9ea1283e22021-12-21 11:23:39.693root 11241100x8000000000000000525140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189711ee3d75a6852021-12-21 11:23:39.693root 11241100x8000000000000000525141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b269797c9db0fb032021-12-21 11:23:39.693root 11241100x8000000000000000525142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68928692b261552c2021-12-21 11:23:39.693root 11241100x8000000000000000525143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61edbc33eb25309f2021-12-21 11:23:39.694root 11241100x8000000000000000525144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e72d270d7f88972021-12-21 11:23:39.694root 11241100x8000000000000000525145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dc1a97f19095a02021-12-21 11:23:39.694root 11241100x8000000000000000525146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd94c584154cbc542021-12-21 11:23:39.694root 11241100x8000000000000000525147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7fadc1554b6e102021-12-21 11:23:39.694root 11241100x8000000000000000525148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914ae44306a308af2021-12-21 11:23:39.694root 11241100x8000000000000000525149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ffd069c1bfd08b2021-12-21 11:23:39.694root 11241100x8000000000000000525150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db78a47107e61a1b2021-12-21 11:23:39.694root 11241100x8000000000000000525151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0b91eaba43af482021-12-21 11:23:39.695root 11241100x8000000000000000525152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fee2641cafbf792021-12-21 11:23:39.695root 11241100x8000000000000000525153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62230407c75562f72021-12-21 11:23:39.695root 11241100x8000000000000000525154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489c639f2ab179362021-12-21 11:23:39.695root 11241100x8000000000000000525155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9f01e24ef79b62021-12-21 11:23:39.696root 11241100x8000000000000000525156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfa8bcc4fb7df412021-12-21 11:23:39.696root 11241100x8000000000000000525157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb7c95b1dec42322021-12-21 11:23:39.696root 11241100x8000000000000000525158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a16ad4d8b5fc53b2021-12-21 11:23:39.696root 11241100x8000000000000000525159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92d80c5a3be72b52021-12-21 11:23:39.696root 11241100x8000000000000000525160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70963fb7653e1db92021-12-21 11:23:39.696root 11241100x8000000000000000525161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2053784b30ad131a2021-12-21 11:23:39.696root 11241100x8000000000000000525162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b13ba68b17ca402021-12-21 11:23:39.697root 11241100x8000000000000000525163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5e7fcc8ef9db252021-12-21 11:23:39.697root 11241100x8000000000000000525164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30068bcebd2c82072021-12-21 11:23:39.697root 11241100x8000000000000000525165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6fbe1ec7260e082021-12-21 11:23:39.697root 11241100x8000000000000000525166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab77593e78f6472021-12-21 11:23:39.697root 11241100x8000000000000000525167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a5e279d0981f2c2021-12-21 11:23:39.697root 11241100x8000000000000000525168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd97f4e4d41b47292021-12-21 11:23:39.697root 11241100x8000000000000000525169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718ab5ff314508dd2021-12-21 11:23:40.193root 11241100x8000000000000000525170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b5477b153b01272021-12-21 11:23:40.193root 11241100x8000000000000000525171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf11052a32fa8ce72021-12-21 11:23:40.193root 11241100x8000000000000000525172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24972709bdb2337e2021-12-21 11:23:40.194root 11241100x8000000000000000525173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f82e676506bab2021-12-21 11:23:40.194root 11241100x8000000000000000525174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999d5b6e92fb6ee32021-12-21 11:23:40.194root 11241100x8000000000000000525175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295e6ba9aa068a1a2021-12-21 11:23:40.194root 11241100x8000000000000000525176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1122f8f7130f1b602021-12-21 11:23:40.194root 11241100x8000000000000000525177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19ff58a1da64c0a2021-12-21 11:23:40.194root 11241100x8000000000000000525178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77bb312aa5eba002021-12-21 11:23:40.194root 11241100x8000000000000000525179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4de2e043501961e2021-12-21 11:23:40.195root 11241100x8000000000000000525180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58319998eee4d5582021-12-21 11:23:40.195root 11241100x8000000000000000525181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ee32ad8d9f5412021-12-21 11:23:40.195root 11241100x8000000000000000525182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ea909e659cd9872021-12-21 11:23:40.195root 11241100x8000000000000000525183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a86661f7b1d264a2021-12-21 11:23:40.195root 11241100x8000000000000000525184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fae8fe3a5028cc82021-12-21 11:23:40.195root 11241100x8000000000000000525185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee6eeca4b23806a2021-12-21 11:23:40.195root 11241100x8000000000000000525186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b797d67da0182b92021-12-21 11:23:40.196root 11241100x8000000000000000525187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70a17ac75051e322021-12-21 11:23:40.196root 11241100x8000000000000000525188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd7de2f276edbf12021-12-21 11:23:40.196root 11241100x8000000000000000525189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddad3c8203f52d02021-12-21 11:23:40.196root 11241100x8000000000000000525190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caedc5f2c77565a92021-12-21 11:23:40.196root 11241100x8000000000000000525191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12862bbd6e6633da2021-12-21 11:23:40.196root 11241100x8000000000000000525192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212e578de1b1d5642021-12-21 11:23:40.197root 11241100x8000000000000000525193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30557d9731dd5dc2021-12-21 11:23:40.197root 11241100x8000000000000000525194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c7aec05ec6d8f2021-12-21 11:23:40.197root 11241100x8000000000000000525195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb10148adb12e3952021-12-21 11:23:40.693root 11241100x8000000000000000525196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb8ae2f26dd4c452021-12-21 11:23:40.693root 11241100x8000000000000000525197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0df275421e44e782021-12-21 11:23:40.693root 11241100x8000000000000000525198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f228bc75343804e2021-12-21 11:23:40.693root 11241100x8000000000000000525199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b39c2952d0ff3d42021-12-21 11:23:40.694root 11241100x8000000000000000525200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905e8349de77963c2021-12-21 11:23:40.694root 11241100x8000000000000000525201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cf5bdbac3b31ff2021-12-21 11:23:40.694root 11241100x8000000000000000525202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000fb339df57a07e2021-12-21 11:23:40.694root 11241100x8000000000000000525203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e47332114624792021-12-21 11:23:40.694root 11241100x8000000000000000525204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb06827fddb3e342021-12-21 11:23:40.694root 11241100x8000000000000000525205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7fc2779ed084812021-12-21 11:23:40.694root 11241100x8000000000000000525206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe44aaad9a6c45392021-12-21 11:23:40.695root 11241100x8000000000000000525207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01f35756be834662021-12-21 11:23:40.695root 11241100x8000000000000000525208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7219cba4f0ea772021-12-21 11:23:40.695root 11241100x8000000000000000525209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188559a1e569e22c2021-12-21 11:23:40.695root 11241100x8000000000000000525210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3985ca6d57b0a6fa2021-12-21 11:23:40.696root 11241100x8000000000000000525211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d903e9f09c069582021-12-21 11:23:40.696root 11241100x8000000000000000525212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35287a181d7983902021-12-21 11:23:40.696root 11241100x8000000000000000525213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96927eb261e79efa2021-12-21 11:23:40.696root 11241100x8000000000000000525214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad515f75948846d32021-12-21 11:23:40.696root 11241100x8000000000000000525215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163e1e8b8eab37852021-12-21 11:23:40.697root 11241100x8000000000000000525216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4be65466122de2021-12-21 11:23:40.697root 11241100x8000000000000000525217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c429873368e0f2021-12-21 11:23:40.697root 11241100x8000000000000000525218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be57466e3d2a42b62021-12-21 11:23:40.697root 11241100x8000000000000000525219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55b43c1e6e2fabf2021-12-21 11:23:40.698root 11241100x8000000000000000525220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee89d00d3b94d812021-12-21 11:23:40.698root 11241100x8000000000000000525221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05934f62d775254a2021-12-21 11:23:40.698root 11241100x8000000000000000525222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0125f97707198c5c2021-12-21 11:23:41.193root 11241100x8000000000000000525223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b80288ffe5fb5202021-12-21 11:23:41.193root 11241100x8000000000000000525224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cf8bfbf788479d2021-12-21 11:23:41.194root 11241100x8000000000000000525225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecba83584e832a82021-12-21 11:23:41.194root 11241100x8000000000000000525226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9788416bce2a6d4a2021-12-21 11:23:41.195root 11241100x8000000000000000525227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f8545757617ce2021-12-21 11:23:41.195root 11241100x8000000000000000525228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63359d14294ad832021-12-21 11:23:41.195root 11241100x8000000000000000525229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70ac5173b7c16102021-12-21 11:23:41.196root 11241100x8000000000000000525230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4731d68724a2932021-12-21 11:23:41.197root 11241100x8000000000000000525231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb35c3b14f8446842021-12-21 11:23:41.197root 11241100x8000000000000000525232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feaec6c0d5626072021-12-21 11:23:41.198root 11241100x8000000000000000525233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c96546826683c562021-12-21 11:23:41.198root 11241100x8000000000000000525234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caa974525301ddf2021-12-21 11:23:41.200root 11241100x8000000000000000525235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb2d377b1679f732021-12-21 11:23:41.201root 11241100x8000000000000000525236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b01f8d046cfa4c2021-12-21 11:23:41.202root 11241100x8000000000000000525237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef579a0091202edc2021-12-21 11:23:41.202root 11241100x8000000000000000525238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbad08042fe95a002021-12-21 11:23:41.202root 11241100x8000000000000000525239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a231aad236eedf2021-12-21 11:23:41.203root 11241100x8000000000000000525240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac735d1d35408b2f2021-12-21 11:23:41.203root 11241100x8000000000000000525241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ead2bbe74771b3e2021-12-21 11:23:41.204root 11241100x8000000000000000525242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd0b8c0ff8035b2021-12-21 11:23:41.204root 11241100x8000000000000000525243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d734e1fb749bb6632021-12-21 11:23:41.205root 11241100x8000000000000000525244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969aa12a3722fce82021-12-21 11:23:41.205root 11241100x8000000000000000525245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1268f3cf54b27b252021-12-21 11:23:41.206root 11241100x8000000000000000525246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a92f295daf7b9ec2021-12-21 11:23:41.206root 11241100x8000000000000000525247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010db1d8ce2334132021-12-21 11:23:41.207root 11241100x8000000000000000525248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38053aa5f545ad392021-12-21 11:23:41.207root 11241100x8000000000000000525249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477c71701d6ef1e02021-12-21 11:23:41.693root 11241100x8000000000000000525250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b767b3a9d79b672021-12-21 11:23:41.693root 11241100x8000000000000000525251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657bf63033e74b072021-12-21 11:23:41.693root 11241100x8000000000000000525252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b803a513ea5e05f52021-12-21 11:23:41.693root 11241100x8000000000000000525253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104af86790641c292021-12-21 11:23:41.694root 11241100x8000000000000000525254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a335d426462027f52021-12-21 11:23:41.694root 11241100x8000000000000000525255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2005d8f9a084cb2021-12-21 11:23:41.694root 11241100x8000000000000000525256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a208c24ac9d1bea22021-12-21 11:23:41.694root 11241100x8000000000000000525257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44754e8b8539cce2021-12-21 11:23:41.694root 11241100x8000000000000000525258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb811f951a9169ae2021-12-21 11:23:41.694root 11241100x8000000000000000525259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c0cb0b0ee7ad12021-12-21 11:23:41.695root 11241100x8000000000000000525260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4384f7515da348462021-12-21 11:23:41.695root 11241100x8000000000000000525261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8783561a8d12922021-12-21 11:23:41.695root 11241100x8000000000000000525262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a9836d639618a82021-12-21 11:23:41.695root 11241100x8000000000000000525263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f71fef63fec04da2021-12-21 11:23:41.695root 11241100x8000000000000000525264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb01ef3bb969d20c2021-12-21 11:23:41.696root 11241100x8000000000000000525265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b19fa247437fe572021-12-21 11:23:41.696root 11241100x8000000000000000525266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c62d4eb79e5d712021-12-21 11:23:41.696root 11241100x8000000000000000525267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc3c5b543adfd32021-12-21 11:23:41.696root 11241100x8000000000000000525268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15906ba9086fc8d62021-12-21 11:23:41.696root 11241100x8000000000000000525269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db80d04a9414764c2021-12-21 11:23:41.696root 11241100x8000000000000000525270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f9751e7282d7492021-12-21 11:23:41.697root 11241100x8000000000000000525271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7dc364fd9a3af42021-12-21 11:23:41.697root 11241100x8000000000000000525272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c1600a1ba139662021-12-21 11:23:41.697root 11241100x8000000000000000525273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c14a0aa79aa65832021-12-21 11:23:41.697root 11241100x8000000000000000525274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaeeb4290de34d62021-12-21 11:23:42.193root 11241100x8000000000000000525275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e417ace1eca169592021-12-21 11:23:42.193root 11241100x8000000000000000525276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef4a7d61fa180442021-12-21 11:23:42.194root 11241100x8000000000000000525277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fbc313a118b5922021-12-21 11:23:42.194root 11241100x8000000000000000525278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250b64eac4ef9a2b2021-12-21 11:23:42.194root 11241100x8000000000000000525279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354d59b0183e9f942021-12-21 11:23:42.194root 11241100x8000000000000000525280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970b6a45fb8d29112021-12-21 11:23:42.195root 11241100x8000000000000000525281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fbb0e28f7284632021-12-21 11:23:42.195root 11241100x8000000000000000525282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49bdc62cf7dfc192021-12-21 11:23:42.195root 11241100x8000000000000000525283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea1b0aa9a8ea38e2021-12-21 11:23:42.195root 11241100x8000000000000000525284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2df115e04db28f12021-12-21 11:23:42.195root 11241100x8000000000000000525285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a543f3f20e3ab52021-12-21 11:23:42.195root 11241100x8000000000000000525286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afa40b89c0ad3ca2021-12-21 11:23:42.196root 11241100x8000000000000000525287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83380272e1d2ad862021-12-21 11:23:42.196root 11241100x8000000000000000525288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed6c690a15eb81d2021-12-21 11:23:42.196root 11241100x8000000000000000525289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9451f489931f81692021-12-21 11:23:42.196root 11241100x8000000000000000525290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1451eaca95e63c4b2021-12-21 11:23:42.197root 11241100x8000000000000000525291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdd4ec439da97872021-12-21 11:23:42.197root 11241100x8000000000000000525292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d49e6627fd9d1e2021-12-21 11:23:42.197root 11241100x8000000000000000525293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f180b1d4254bbb2021-12-21 11:23:42.197root 11241100x8000000000000000525294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f86b2bde716d362021-12-21 11:23:42.197root 11241100x8000000000000000525295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce64da185b13e1ed2021-12-21 11:23:42.197root 11241100x8000000000000000525296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3ae19c35eb2b0b2021-12-21 11:23:42.197root 11241100x8000000000000000525297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be21b46fbef8379b2021-12-21 11:23:42.198root 11241100x8000000000000000525298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cbab031453ceae2021-12-21 11:23:42.198root 11241100x8000000000000000525299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f4d352bf363b862021-12-21 11:23:42.198root 11241100x8000000000000000525300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0446c4d2b24318a92021-12-21 11:23:42.198root 11241100x8000000000000000525301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50252b39c401de262021-12-21 11:23:42.198root 11241100x8000000000000000525302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a74b3a00a5eee642021-12-21 11:23:42.198root 11241100x8000000000000000525303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd4b455bdaf9dca2021-12-21 11:23:42.198root 11241100x8000000000000000525304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f83cdd1c2c2b892021-12-21 11:23:42.693root 11241100x8000000000000000525305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cc43158c1185072021-12-21 11:23:42.693root 11241100x8000000000000000525306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74ad29de819ccb32021-12-21 11:23:42.693root 11241100x8000000000000000525307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7821307c75f67672021-12-21 11:23:42.693root 11241100x8000000000000000525308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4537072cca96c222021-12-21 11:23:42.693root 11241100x8000000000000000525309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29af84b91e290f12021-12-21 11:23:42.694root 11241100x8000000000000000525310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a801ab2d4266702021-12-21 11:23:42.694root 11241100x8000000000000000525311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13ba18a511ed2e2021-12-21 11:23:42.694root 11241100x8000000000000000525312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251806d9fa9b40f22021-12-21 11:23:42.695root 11241100x8000000000000000525313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b61201209e61572021-12-21 11:23:42.695root 11241100x8000000000000000525314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771bb534604f0e062021-12-21 11:23:42.696root 11241100x8000000000000000525315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed30ead4380c5212021-12-21 11:23:42.696root 11241100x8000000000000000525316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8593b897700565722021-12-21 11:23:42.696root 11241100x8000000000000000525317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185cbcc36c78564b2021-12-21 11:23:42.697root 11241100x8000000000000000525318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaf290ef5ded8b82021-12-21 11:23:42.697root 11241100x8000000000000000525319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f197dc2bf47051ba2021-12-21 11:23:42.698root 11241100x8000000000000000525320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c600dcbb044b7a62021-12-21 11:23:42.698root 11241100x8000000000000000525321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bed20b920e20a42021-12-21 11:23:42.698root 11241100x8000000000000000525322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e781fba2508c4f02021-12-21 11:23:42.699root 11241100x8000000000000000525323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acb3e85d24b26512021-12-21 11:23:42.699root 11241100x8000000000000000525324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d4d0d96b2816e82021-12-21 11:23:42.699root 11241100x8000000000000000525325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ec5ccba82da0e12021-12-21 11:23:42.699root 11241100x8000000000000000525326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac4eb7b1f57eaed2021-12-21 11:23:42.700root 11241100x8000000000000000525327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6633d4a0ab8764c02021-12-21 11:23:42.700root 11241100x8000000000000000525328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d40cf4e78cbcccd2021-12-21 11:23:42.700root 11241100x8000000000000000525329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a64069bc955d6f2021-12-21 11:23:42.700root 11241100x8000000000000000525330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf2382f79cf9db12021-12-21 11:23:42.700root 11241100x8000000000000000525331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0ddc87db08c51d2021-12-21 11:23:43.193root 11241100x8000000000000000525332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20cbac7858e3b602021-12-21 11:23:43.193root 11241100x8000000000000000525333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cbac268aa3f56b2021-12-21 11:23:43.193root 11241100x8000000000000000525334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3383ac04be9a2f2021-12-21 11:23:43.194root 11241100x8000000000000000525335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce82ea2d48a428ec2021-12-21 11:23:43.194root 11241100x8000000000000000525336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541076c5c718c9eb2021-12-21 11:23:43.194root 11241100x8000000000000000525337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc766aa235f40f812021-12-21 11:23:43.194root 11241100x8000000000000000525338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8ff9b64386a1272021-12-21 11:23:43.194root 11241100x8000000000000000525339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b88ffb8b10888822021-12-21 11:23:43.194root 11241100x8000000000000000525340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30c19a83d78e7522021-12-21 11:23:43.194root 11241100x8000000000000000525341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f01597745e28df2021-12-21 11:23:43.194root 11241100x8000000000000000525342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a047591d3a7d53c2021-12-21 11:23:43.194root 11241100x8000000000000000525343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18104b4c1938ce62021-12-21 11:23:43.195root 11241100x8000000000000000525344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30164f4eeafb922a2021-12-21 11:23:43.195root 11241100x8000000000000000525345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafae91c084e341b2021-12-21 11:23:43.195root 11241100x8000000000000000525346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3638a03beca1316d2021-12-21 11:23:43.195root 11241100x8000000000000000525347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d6ad9ef8a6f0672021-12-21 11:23:43.195root 11241100x8000000000000000525348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8b71821ea5ab412021-12-21 11:23:43.196root 11241100x8000000000000000525349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd73ac5debc7ace2021-12-21 11:23:43.196root 11241100x8000000000000000525350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bb03d8c26715692021-12-21 11:23:43.197root 11241100x8000000000000000525351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79721a682071c7b22021-12-21 11:23:43.197root 11241100x8000000000000000525352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c8d4f9534d1e5a2021-12-21 11:23:43.197root 11241100x8000000000000000525353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c64fe17b3204f1f2021-12-21 11:23:43.197root 11241100x8000000000000000525354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ff0d9b4f4ee24b2021-12-21 11:23:43.197root 11241100x8000000000000000525355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf73ed3d7b393582021-12-21 11:23:43.197root 11241100x8000000000000000525356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f840e76d3884632021-12-21 11:23:43.198root 11241100x8000000000000000525357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053aee9ca079384e2021-12-21 11:23:43.198root 11241100x8000000000000000525358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb8e25476179812021-12-21 11:23:43.693root 11241100x8000000000000000525359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa024f1c92cec522021-12-21 11:23:43.693root 11241100x8000000000000000525360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c814f602de7fc972021-12-21 11:23:43.694root 11241100x8000000000000000525361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f201bf3764879902021-12-21 11:23:43.694root 11241100x8000000000000000525362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe20df0f9fadcb862021-12-21 11:23:43.694root 11241100x8000000000000000525363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc2a7f0bb6800b82021-12-21 11:23:43.694root 11241100x8000000000000000525364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caba02dc38bf8612021-12-21 11:23:43.695root 11241100x8000000000000000525365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5529dea54a013e122021-12-21 11:23:43.695root 11241100x8000000000000000525366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065d9d0cddba50ed2021-12-21 11:23:43.695root 11241100x8000000000000000525367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c285c965fb02032021-12-21 11:23:43.695root 11241100x8000000000000000525368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2fb9c927431d2c2021-12-21 11:23:43.695root 11241100x8000000000000000525369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00920dbb52193a452021-12-21 11:23:43.695root 11241100x8000000000000000525370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abdf23e03ff46782021-12-21 11:23:43.695root 11241100x8000000000000000525371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d673b5742cf41df2021-12-21 11:23:43.696root 11241100x8000000000000000525372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff91c9a30c65af802021-12-21 11:23:43.696root 11241100x8000000000000000525373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853435a306e1e32d2021-12-21 11:23:43.696root 11241100x8000000000000000525374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7137ee70e6e4bef2021-12-21 11:23:43.696root 11241100x8000000000000000525375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061a4ef8d3e770a42021-12-21 11:23:43.696root 11241100x8000000000000000525376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fee93cf8d7bf4c2021-12-21 11:23:43.696root 11241100x8000000000000000525377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e180ed9a999bd2452021-12-21 11:23:43.696root 11241100x8000000000000000525378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954a2ec8e97879e92021-12-21 11:23:43.697root 11241100x8000000000000000525379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921f2868d5dc39562021-12-21 11:23:43.697root 11241100x8000000000000000525380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775572dcd9ee1e3b2021-12-21 11:23:43.697root 11241100x8000000000000000525381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde33c14c4ff1742021-12-21 11:23:43.697root 11241100x8000000000000000525382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0a5a3002bd40532021-12-21 11:23:43.697root 354300x8000000000000000525383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.062{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48476-false10.0.1.12-8000- 11241100x8000000000000000525384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffff60ab70004562021-12-21 11:23:44.063root 11241100x8000000000000000525385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a777e32e20497752021-12-21 11:23:44.063root 11241100x8000000000000000525386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4bb4ea554a9eb52021-12-21 11:23:44.064root 11241100x8000000000000000525387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a94f855500009d52021-12-21 11:23:44.064root 11241100x8000000000000000525388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0f70269c13bd252021-12-21 11:23:44.064root 11241100x8000000000000000525389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099bd6257e5c13c12021-12-21 11:23:44.064root 11241100x8000000000000000525390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d1e6fa6dbfc4ec2021-12-21 11:23:44.064root 11241100x8000000000000000525391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd817c6e9ec6e8a52021-12-21 11:23:44.064root 11241100x8000000000000000525392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc84e44f62e19b92021-12-21 11:23:44.065root 11241100x8000000000000000525393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea84c66b73878ad2021-12-21 11:23:44.065root 11241100x8000000000000000525394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8d89efec5da5282021-12-21 11:23:44.065root 11241100x8000000000000000525395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526011c67326281e2021-12-21 11:23:44.065root 11241100x8000000000000000525396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dfee59e269897c2021-12-21 11:23:44.065root 11241100x8000000000000000525397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f5d6b1ab6ec7572021-12-21 11:23:44.065root 11241100x8000000000000000525398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf46ad3146c1d7bf2021-12-21 11:23:44.065root 11241100x8000000000000000525399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.066{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6132d83a3b2b6c412021-12-21 11:23:44.066root 11241100x8000000000000000525400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.066{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf71ee5c0cd938a62021-12-21 11:23:44.066root 11241100x8000000000000000525401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eae36754c2b4a92021-12-21 11:23:44.067root 11241100x8000000000000000525402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eeaa124c2cd80c2021-12-21 11:23:44.067root 11241100x8000000000000000525403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4613d82e3fc907482021-12-21 11:23:44.067root 11241100x8000000000000000525404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf194310b407f6b02021-12-21 11:23:44.067root 11241100x8000000000000000525405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1338cc89f79661902021-12-21 11:23:44.067root 11241100x8000000000000000525406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6575491b6b39d2021-12-21 11:23:44.067root 11241100x8000000000000000525407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dc5c9404221d0f2021-12-21 11:23:44.067root 11241100x8000000000000000525408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3855193ab28884452021-12-21 11:23:44.068root 11241100x8000000000000000525409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cab152bb308b2f22021-12-21 11:23:44.068root 11241100x8000000000000000525410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090e12d937b01cb82021-12-21 11:23:44.068root 11241100x8000000000000000525411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3104f86a9254fad32021-12-21 11:23:44.068root 11241100x8000000000000000525412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03534f12e1ff84412021-12-21 11:23:44.068root 11241100x8000000000000000525413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac620032f93731742021-12-21 11:23:44.068root 11241100x8000000000000000525414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55849248db71aa062021-12-21 11:23:44.068root 11241100x8000000000000000525415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce8d6164000192c2021-12-21 11:23:44.068root 11241100x8000000000000000525416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d15afdaaff79e2021-12-21 11:23:44.068root 11241100x8000000000000000525417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70727db81260dd52021-12-21 11:23:44.068root 11241100x8000000000000000525418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276ad60744e49b222021-12-21 11:23:44.068root 11241100x8000000000000000525419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544a3daea9ae6bf12021-12-21 11:23:44.443root 11241100x8000000000000000525420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37cf90c7c2166fa2021-12-21 11:23:44.443root 11241100x8000000000000000525421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167bd80f1577955c2021-12-21 11:23:44.443root 11241100x8000000000000000525422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dfafbd314b65f82021-12-21 11:23:44.443root 11241100x8000000000000000525423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2c31ed20c47f6b2021-12-21 11:23:44.443root 11241100x8000000000000000525424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176940399bf6440c2021-12-21 11:23:44.443root 11241100x8000000000000000525425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b212ec7426d29f02021-12-21 11:23:44.443root 11241100x8000000000000000525426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9264e4f6fe8ce5af2021-12-21 11:23:44.444root 11241100x8000000000000000525427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81315b2fa7fc9f022021-12-21 11:23:44.444root 11241100x8000000000000000525428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e5ceb4aa8ac6da2021-12-21 11:23:44.444root 11241100x8000000000000000525429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12618edb2567f1b2021-12-21 11:23:44.444root 11241100x8000000000000000525430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd487bbd5d55bc182021-12-21 11:23:44.444root 11241100x8000000000000000525431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ced8c592cfc9522021-12-21 11:23:44.444root 11241100x8000000000000000525432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d248c6e4851b79f2021-12-21 11:23:44.444root 11241100x8000000000000000525433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cb8e3a90d32b7c2021-12-21 11:23:44.444root 11241100x8000000000000000525434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05516d85bf13a912021-12-21 11:23:44.445root 11241100x8000000000000000525435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df47ba56bfbdac32021-12-21 11:23:44.445root 11241100x8000000000000000525436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e52438ff57188c42021-12-21 11:23:44.445root 11241100x8000000000000000525437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d327fa3925c3342021-12-21 11:23:44.445root 11241100x8000000000000000525438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93524ff8217c0eae2021-12-21 11:23:44.445root 11241100x8000000000000000525439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633864965912ba712021-12-21 11:23:44.445root 11241100x8000000000000000525440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f72fc4aff34e6152021-12-21 11:23:44.445root 11241100x8000000000000000525441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf9ee58a014e5532021-12-21 11:23:44.445root 11241100x8000000000000000525442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ded7f55b60261232021-12-21 11:23:44.445root 11241100x8000000000000000525443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed2479f4851a182021-12-21 11:23:44.445root 11241100x8000000000000000525444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579272c9c4294322021-12-21 11:23:44.445root 11241100x8000000000000000525445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863d8639422bba9b2021-12-21 11:23:44.445root 11241100x8000000000000000525446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b166ce82fd2b342021-12-21 11:23:44.445root 11241100x8000000000000000525447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bddca7924309402021-12-21 11:23:44.943root 11241100x8000000000000000525448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dea9e2c88fc92e82021-12-21 11:23:44.943root 11241100x8000000000000000525449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333be936744277852021-12-21 11:23:44.943root 11241100x8000000000000000525450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83d05882d4c2abe2021-12-21 11:23:44.944root 11241100x8000000000000000525451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140895d2e42107572021-12-21 11:23:44.944root 11241100x8000000000000000525452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d4bff6f0517ebd2021-12-21 11:23:44.944root 11241100x8000000000000000525453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9964886fc9e7f4de2021-12-21 11:23:44.944root 11241100x8000000000000000525454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acabc57b8ec38b3a2021-12-21 11:23:44.944root 11241100x8000000000000000525455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8d400ea5b43ac22021-12-21 11:23:44.944root 11241100x8000000000000000525456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5de2c6a4fb16432021-12-21 11:23:44.944root 11241100x8000000000000000525457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35bbac412566a6b2021-12-21 11:23:44.944root 11241100x8000000000000000525458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b0833b1c03b9532021-12-21 11:23:44.945root 354300x8000000000000000525485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:50.040{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48478-false10.0.1.12-8000- 11241100x8000000000000000525486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3cca86a0a97a722021-12-21 11:23:50.442root 11241100x8000000000000000525487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f399c0f06231032021-12-21 11:23:50.942root 11241100x8000000000000000525488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cb641dcb37f48e2021-12-21 11:23:51.442root 11241100x8000000000000000525489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7410ca9ebf824cd42021-12-21 11:23:51.942root 11241100x8000000000000000525490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f738b5f8265efe8a2021-12-21 11:23:52.442root 11241100x8000000000000000525491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009ae01fdc8523402021-12-21 11:23:52.942root 11241100x8000000000000000525492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21750ca6afd980f72021-12-21 11:23:53.442root 11241100x8000000000000000525493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15ab994c07683022021-12-21 11:23:53.942root 11241100x8000000000000000525494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd50525f25cc8972021-12-21 11:23:54.442root 11241100x8000000000000000525495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8c44b06ba929152021-12-21 11:23:54.942root 354300x8000000000000000525496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48480-false10.0.1.12-8000- 11241100x8000000000000000525497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c3f94e864e46bc2021-12-21 11:23:55.442root 11241100x8000000000000000525498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8480053ef101152021-12-21 11:23:55.442root 11241100x8000000000000000525499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500e462255652b62021-12-21 11:23:55.942root 11241100x8000000000000000525500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104698cb7ed0a20b2021-12-21 11:23:55.943root 11241100x8000000000000000525501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:56.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e755223459db41182021-12-21 11:23:56.442root 11241100x8000000000000000525502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36c4baa2be93412021-12-21 11:23:56.443root 11241100x8000000000000000525503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc60094a88f8392021-12-21 11:23:56.942root 11241100x8000000000000000525504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec4f657460a8ef02021-12-21 11:23:56.943root 11241100x8000000000000000525505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63649f19fcb4da82021-12-21 11:23:57.442root 11241100x8000000000000000525506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd212e1cd5875ecf2021-12-21 11:23:57.443root 11241100x8000000000000000525507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212ff5635bc498452021-12-21 11:23:57.942root 11241100x8000000000000000525508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ddb33c816472282021-12-21 11:23:57.943root 11241100x8000000000000000525509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add133914682763d2021-12-21 11:23:58.442root 11241100x8000000000000000525510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecd4a180ca889aa2021-12-21 11:23:58.442root 11241100x8000000000000000525511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:58.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848aeff1c17e7eca2021-12-21 11:23:58.942root 11241100x8000000000000000525512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b65dbb5897ecd62021-12-21 11:23:58.943root 11241100x8000000000000000525513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:59.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855bc40450b9465e2021-12-21 11:23:59.442root 11241100x8000000000000000525514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a916af5e99d45d2021-12-21 11:23:59.443root 11241100x8000000000000000525515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9197706b01f8b522021-12-21 11:23:59.942root 11241100x8000000000000000525516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40b2b2c8b0a59202021-12-21 11:23:59.943root 11241100x8000000000000000525517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:00.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7f5842aac6f3b2021-12-21 11:24:00.442root 11241100x8000000000000000525518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689b251e9a6f5b642021-12-21 11:24:00.443root 11241100x8000000000000000525519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff0096ea71d97f12021-12-21 11:24:00.942root 11241100x8000000000000000525520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81e884e05696cbe2021-12-21 11:24:00.942root 354300x8000000000000000525521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.048{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48482-false10.0.1.12-8000- 11241100x8000000000000000525522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a300efed4feffc642021-12-21 11:24:01.442root 11241100x8000000000000000525523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc277b4a51339b952021-12-21 11:24:01.443root 11241100x8000000000000000525524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d194cd15ec720672021-12-21 11:24:01.443root 11241100x8000000000000000525525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9834cd11b4451f82021-12-21 11:24:01.942root 11241100x8000000000000000525526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1387b8e4514f128a2021-12-21 11:24:01.943root 11241100x8000000000000000525527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ed92bd83ac3bd22021-12-21 11:24:01.943root 11241100x8000000000000000525528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a64ab24a10346f2021-12-21 11:24:02.442root 11241100x8000000000000000525529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a31a8c3ac1744b42021-12-21 11:24:02.443root 11241100x8000000000000000525530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdea7a1a77cf33d32021-12-21 11:24:02.443root 11241100x8000000000000000525531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d4c320b941892a2021-12-21 11:24:02.942root 11241100x8000000000000000525532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8710443d0ead64c2021-12-21 11:24:02.943root 11241100x8000000000000000525533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4e8ca71de4cba92021-12-21 11:24:02.943root 11241100x8000000000000000525534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e04a6c2212859d2021-12-21 11:24:03.442root 11241100x8000000000000000525535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd33967e5e57c192021-12-21 11:24:03.443root 11241100x8000000000000000525536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63166d3052eca152021-12-21 11:24:03.443root 11241100x8000000000000000525537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb84f62c28b0ba052021-12-21 11:24:03.942root 11241100x8000000000000000525538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50913fcc9ccd71902021-12-21 11:24:03.943root 11241100x8000000000000000525539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4a8a43c93e845e2021-12-21 11:24:03.943root 11241100x8000000000000000525540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6e9a4ad8ece4bc2021-12-21 11:24:04.442root 11241100x8000000000000000525541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebf9ea4cc389ad22021-12-21 11:24:04.443root 11241100x8000000000000000525542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61752d1fbdc2bbd2021-12-21 11:24:04.443root 11241100x8000000000000000525543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb29b7871663cd2021-12-21 11:24:04.942root 11241100x8000000000000000525544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90673e65618021282021-12-21 11:24:04.943root 11241100x8000000000000000525545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96109b0d658a11a32021-12-21 11:24:04.943root 11241100x8000000000000000525546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3153cdc79799f52021-12-21 11:24:05.442root 11241100x8000000000000000525547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f62e366eca2f5d2021-12-21 11:24:05.443root 11241100x8000000000000000525548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57785b2fdad6c9642021-12-21 11:24:05.443root 11241100x8000000000000000525549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761b46edbd3acd1f2021-12-21 11:24:05.942root 11241100x8000000000000000525550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653a1921760008842021-12-21 11:24:05.943root 11241100x8000000000000000525551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97a56b912d80a9f2021-12-21 11:24:05.943root 354300x8000000000000000525552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48484-false10.0.1.12-8000- 11241100x8000000000000000525553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:24:06.329root 11241100x8000000000000000525554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4aee47192db20f2021-12-21 11:24:06.330root 11241100x8000000000000000525555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d394ac896a3d24842021-12-21 11:24:06.330root 11241100x8000000000000000525556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a0de6ac9620d9a2021-12-21 11:24:06.330root 11241100x8000000000000000525557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06974efc251025212021-12-21 11:24:06.330root 11241100x8000000000000000525558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dfeb8c4eb6b88d2021-12-21 11:24:06.693root 11241100x8000000000000000525559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939ec2bfdc31baae2021-12-21 11:24:06.693root 11241100x8000000000000000525560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f4d246e10bd70c2021-12-21 11:24:06.693root 11241100x8000000000000000525561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f011878f65fca02021-12-21 11:24:06.693root 11241100x8000000000000000525562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9786ccd9fb312b2021-12-21 11:24:06.693root 11241100x8000000000000000525563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c542e736e94f81e72021-12-21 11:24:07.193root 11241100x8000000000000000525564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abc6c9a65371fa32021-12-21 11:24:07.193root 11241100x8000000000000000525565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0df77be0087cb5d2021-12-21 11:24:07.193root 11241100x8000000000000000525566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d320c1e44bd48b522021-12-21 11:24:07.193root 11241100x8000000000000000525567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9528dd2cdd91c2021-12-21 11:24:07.193root 11241100x8000000000000000525568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc7781c50cc1b392021-12-21 11:24:07.692root 11241100x8000000000000000525569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28690bd3c4f801c52021-12-21 11:24:07.693root 11241100x8000000000000000525570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec20b698da6e2902021-12-21 11:24:07.693root 11241100x8000000000000000525571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e748617617fcea5e2021-12-21 11:24:07.693root 11241100x8000000000000000525572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b6189a32f0d9af2021-12-21 11:24:07.693root 11241100x8000000000000000525573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965c44ecb1de7a902021-12-21 11:24:08.193root 11241100x8000000000000000525574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2b0b861c2dbbe92021-12-21 11:24:08.193root 11241100x8000000000000000525575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2923b729507db92021-12-21 11:24:08.193root 11241100x8000000000000000525576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f420940d3c0fac7e2021-12-21 11:24:08.193root 11241100x8000000000000000525577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c181dd01533042a2021-12-21 11:24:08.193root 11241100x8000000000000000525578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8150d370544fa1572021-12-21 11:24:08.693root 11241100x8000000000000000525579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e364d4290ed29ad62021-12-21 11:24:08.693root 11241100x8000000000000000525580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc5d28e6fa98d2a2021-12-21 11:24:08.693root 11241100x8000000000000000525581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e67519d40181fc2021-12-21 11:24:08.693root 11241100x8000000000000000525582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b820267bed010202021-12-21 11:24:08.693root 11241100x8000000000000000525583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca5fc4a6f91c7eb2021-12-21 11:24:09.193root 11241100x8000000000000000525584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f4b1ea8faf8b0c2021-12-21 11:24:09.193root 11241100x8000000000000000525585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a388a3910da062021-12-21 11:24:09.193root 11241100x8000000000000000525586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992d5695431ca1d22021-12-21 11:24:09.193root 11241100x8000000000000000525587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03e833f554dca302021-12-21 11:24:09.193root 23542300x8000000000000000525588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.330{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000525589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe6352968cd43672021-12-21 11:24:09.693root 11241100x8000000000000000525590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce212adcb24eed3a2021-12-21 11:24:09.693root 11241100x8000000000000000525591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d8f609cf9df5562021-12-21 11:24:09.693root 11241100x8000000000000000525592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569b9cfbd7025a922021-12-21 11:24:09.693root 11241100x8000000000000000525593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a096b8f4c5dcadda2021-12-21 11:24:09.693root 11241100x8000000000000000525594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73309776fa6ed85d2021-12-21 11:24:09.693root 11241100x8000000000000000525595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3501073bc63a0062021-12-21 11:24:10.193root 11241100x8000000000000000525596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b448f8222ba45d2021-12-21 11:24:10.193root 11241100x8000000000000000525597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa80ce6600920d322021-12-21 11:24:10.193root 11241100x8000000000000000525598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea8a7e6095ac1342021-12-21 11:24:10.193root 11241100x8000000000000000525599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df321a073d7fa092021-12-21 11:24:10.193root 11241100x8000000000000000525600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cf120408e6666f2021-12-21 11:24:10.193root 11241100x8000000000000000525601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a5bf62b61a56fd2021-12-21 11:24:10.693root 11241100x8000000000000000525602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fec4852982722c52021-12-21 11:24:10.693root 11241100x8000000000000000525603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b83aa6d53708d1b2021-12-21 11:24:10.693root 11241100x8000000000000000525604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dc9fec80bb02062021-12-21 11:24:10.693root 11241100x8000000000000000525605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26f8d6548b235cd2021-12-21 11:24:10.693root 11241100x8000000000000000525606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b6ee24ffd578992021-12-21 11:24:10.693root 11241100x8000000000000000525607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236dc945587892602021-12-21 11:24:11.193root 11241100x8000000000000000525608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e21e4676b6bcd2021-12-21 11:24:11.193root 11241100x8000000000000000525609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578f38e05750add72021-12-21 11:24:11.193root 11241100x8000000000000000525610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aed6f4e1386619f2021-12-21 11:24:11.193root 11241100x8000000000000000525611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2fa87e7facff5c2021-12-21 11:24:11.193root 11241100x8000000000000000525612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5174000a9a7b8eb2021-12-21 11:24:11.193root 11241100x8000000000000000525613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1983abd22b7e3f0d2021-12-21 11:24:11.693root 11241100x8000000000000000525614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55665c4bcb7b0d182021-12-21 11:24:11.693root 11241100x8000000000000000525615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95269fad4dcbb1f92021-12-21 11:24:11.694root 11241100x8000000000000000525616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af898d61717fb28a2021-12-21 11:24:11.694root 11241100x8000000000000000525617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac630ec1b68b37f2021-12-21 11:24:11.694root 11241100x8000000000000000525618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdca72881e5508802021-12-21 11:24:11.694root 354300x8000000000000000525619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.090{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48486-false10.0.1.12-8000- 11241100x8000000000000000525620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc56fc18990fcfc02021-12-21 11:24:12.090root 11241100x8000000000000000525621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f31ff91289bbe6c2021-12-21 11:24:12.091root 11241100x8000000000000000525622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98f465d47831ed2021-12-21 11:24:12.091root 11241100x8000000000000000525623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8703e12375634f2021-12-21 11:24:12.091root 11241100x8000000000000000525624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460dff6eb578de3a2021-12-21 11:24:12.091root 11241100x8000000000000000525625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d563de50b95462021-12-21 11:24:12.091root 11241100x8000000000000000525626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b9b98f18d163af2021-12-21 11:24:12.091root 11241100x8000000000000000525627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93463bd3bad4cb42021-12-21 11:24:12.442root 11241100x8000000000000000525628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cd2b00fcfca8052021-12-21 11:24:12.443root 11241100x8000000000000000525629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a72c35c0fc9c85c2021-12-21 11:24:12.443root 11241100x8000000000000000525630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4328ae30a9595dc2021-12-21 11:24:12.443root 11241100x8000000000000000525631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a736ed50bbba80a2021-12-21 11:24:12.444root 11241100x8000000000000000525632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9623863b81c72f8f2021-12-21 11:24:12.444root 11241100x8000000000000000525633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cff60f0fba16cf2021-12-21 11:24:12.444root 154100x8000000000000000525634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.860{ec2b6afe-b95c-61c1-6864-ada4b9550000}9862/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000525635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.861{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ceb20b2ff96452021-12-21 11:24:12.861root 11241100x8000000000000000525636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.861{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a226e0b405dd46972021-12-21 11:24:12.861root 11241100x8000000000000000525637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.861{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792c03d1cc98bb92021-12-21 11:24:12.861root 11241100x8000000000000000525638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.861{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1c8c4d84d3a3c22021-12-21 11:24:12.861root 11241100x8000000000000000525639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.862{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6530613ff2ac1e12021-12-21 11:24:12.862root 11241100x8000000000000000525640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.862{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a9402b2c6f81e12021-12-21 11:24:12.862root 11241100x8000000000000000525641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.862{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4abd8c5e741fa892021-12-21 11:24:12.862root 11241100x8000000000000000525642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.862{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd0184b4551a5f02021-12-21 11:24:12.862root 534500x8000000000000000525643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.872{ec2b6afe-b95c-61c1-6864-ada4b9550000}9862/bin/psroot 11241100x8000000000000000525644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a2cd93007567462021-12-21 11:24:13.193root 11241100x8000000000000000525645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f1ad39f8abd312021-12-21 11:24:13.193root 11241100x8000000000000000525646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07fbbd3f98a6dc92021-12-21 11:24:13.193root 11241100x8000000000000000525647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dcdb1aa37c80762021-12-21 11:24:13.193root 11241100x8000000000000000525648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8810aff5a3c44c6d2021-12-21 11:24:13.193root 11241100x8000000000000000525649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34e28d3ed7410f2021-12-21 11:24:13.193root 11241100x8000000000000000525650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4ac8e9abc35f082021-12-21 11:24:13.193root 11241100x8000000000000000525651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36902feb2e60fdc92021-12-21 11:24:13.193root 11241100x8000000000000000525652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308a82424ebb001f2021-12-21 11:24:13.193root 11241100x8000000000000000525653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d2407a2010e4bc2021-12-21 11:24:13.693root 11241100x8000000000000000525654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e288693c2c7a48132021-12-21 11:24:13.693root 11241100x8000000000000000525655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e24087078972242021-12-21 11:24:13.693root 11241100x8000000000000000525656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecdf61f57a592512021-12-21 11:24:13.693root 11241100x8000000000000000525657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b2a984e98122932021-12-21 11:24:13.693root 11241100x8000000000000000525658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51df45ef393be9112021-12-21 11:24:13.694root 11241100x8000000000000000525659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41dc0713dd4b3e42021-12-21 11:24:13.694root 11241100x8000000000000000525660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a73b3329d5111c92021-12-21 11:24:13.694root 11241100x8000000000000000525661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95401f3885ef6792021-12-21 11:24:13.694root 11241100x8000000000000000525662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57468bcb3888643b2021-12-21 11:24:14.193root 11241100x8000000000000000525663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b86ee77872006ca2021-12-21 11:24:14.193root 11241100x8000000000000000525664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84bc1da26224cc62021-12-21 11:24:14.193root 11241100x8000000000000000525665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98d3c59130f71612021-12-21 11:24:14.193root 11241100x8000000000000000525666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bd9d99402cffb42021-12-21 11:24:14.193root 11241100x8000000000000000525667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f7de064b296ec52021-12-21 11:24:14.193root 11241100x8000000000000000525668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c0175777416bc82021-12-21 11:24:14.193root 11241100x8000000000000000525669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5709ab9f80f8aba22021-12-21 11:24:14.193root 11241100x8000000000000000525670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60d816f6385f08e2021-12-21 11:24:14.194root 11241100x8000000000000000525671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500540f6acf26b5c2021-12-21 11:24:14.693root 11241100x8000000000000000525672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27137b05720459052021-12-21 11:24:14.693root 11241100x8000000000000000525673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb42853ddf6748a62021-12-21 11:24:14.693root 11241100x8000000000000000525674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7451d73779a5db2021-12-21 11:24:14.693root 11241100x8000000000000000525675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1a6641037405cb2021-12-21 11:24:14.693root 11241100x8000000000000000525676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d384fe639d21bfc2021-12-21 11:24:14.693root 11241100x8000000000000000525677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b358aef3365d3f2021-12-21 11:24:14.693root 11241100x8000000000000000525678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d715a5f46d2e882021-12-21 11:24:14.693root 11241100x8000000000000000525679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa8d417ae37fdf02021-12-21 11:24:14.693root 11241100x8000000000000000525680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9252913526f6637b2021-12-21 11:24:15.193root 11241100x8000000000000000525681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe97b1d23e13fb22021-12-21 11:24:15.193root 11241100x8000000000000000525682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e8142a1de0d73d2021-12-21 11:24:15.193root 11241100x8000000000000000525683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014eac2c5c929b32021-12-21 11:24:15.193root 11241100x8000000000000000525684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23bef39e79040582021-12-21 11:24:15.193root 11241100x8000000000000000525685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e422b4e7a919b702021-12-21 11:24:15.193root 11241100x8000000000000000525686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2e970fd2ca70d02021-12-21 11:24:15.193root 11241100x8000000000000000525687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2964c9dd8485f22021-12-21 11:24:15.193root 11241100x8000000000000000525688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d142df8e2f7f1352021-12-21 11:24:15.194root 11241100x8000000000000000525689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ceaac8a4afc4562021-12-21 11:24:15.693root 11241100x8000000000000000525690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03139615bdbc015d2021-12-21 11:24:15.693root 11241100x8000000000000000525691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b116866a97098b292021-12-21 11:24:15.693root 11241100x8000000000000000525692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf49d2dacbdd7c92021-12-21 11:24:15.693root 11241100x8000000000000000525693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c225860d7c68a4292021-12-21 11:24:15.693root 11241100x8000000000000000525694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5201df622474c42021-12-21 11:24:15.693root 11241100x8000000000000000525695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4292c23d86a14f2021-12-21 11:24:15.693root 11241100x8000000000000000525696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ec7d99aec35b1c2021-12-21 11:24:15.693root 11241100x8000000000000000525697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18f85e5b42449bc2021-12-21 11:24:15.693root 11241100x8000000000000000525698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be39b06d7390f6d42021-12-21 11:24:16.193root 11241100x8000000000000000525699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373657f09d7c559e2021-12-21 11:24:16.193root 11241100x8000000000000000525700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bc43e77c1d9fc72021-12-21 11:24:16.193root 11241100x8000000000000000525701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81abdaddc0e809262021-12-21 11:24:16.193root 11241100x8000000000000000525702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a2f96cf704b98e2021-12-21 11:24:16.193root 11241100x8000000000000000525703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ea88dfd33520ba2021-12-21 11:24:16.193root 11241100x8000000000000000525704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec47af70f7fed5202021-12-21 11:24:16.194root 11241100x8000000000000000525705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d71cc929bc5c5f82021-12-21 11:24:16.194root 11241100x8000000000000000525706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcc1c606878824d2021-12-21 11:24:16.194root 11241100x8000000000000000525707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8929c767f28f65de2021-12-21 11:24:16.693root 11241100x8000000000000000525708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7e0c98a24b6c422021-12-21 11:24:16.693root 11241100x8000000000000000525709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2349c5e7368285ea2021-12-21 11:24:16.693root 11241100x8000000000000000525710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1a04c41f4a78352021-12-21 11:24:16.693root 11241100x8000000000000000525711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3301c2d994c8c0a92021-12-21 11:24:16.693root 11241100x8000000000000000525712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717873d5856750982021-12-21 11:24:16.693root 11241100x8000000000000000525713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6c5d30002f0d822021-12-21 11:24:16.693root 11241100x8000000000000000525714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c9cfe0848c76db2021-12-21 11:24:16.694root 11241100x8000000000000000525715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e12aedcfb963de2021-12-21 11:24:16.694root 11241100x8000000000000000525716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1772c90319cb4c062021-12-21 11:24:17.193root 11241100x8000000000000000525717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ab9f9c4b3774a72021-12-21 11:24:17.193root 11241100x8000000000000000525718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206724e59b0deb0f2021-12-21 11:24:17.193root 11241100x8000000000000000525719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dcf0e08c8253fa2021-12-21 11:24:17.193root 11241100x8000000000000000525720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37eb0964cb05dbd2021-12-21 11:24:17.193root 11241100x8000000000000000525721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b101958fd3ed1942021-12-21 11:24:17.193root 11241100x8000000000000000525722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eae675876075ec2021-12-21 11:24:17.194root 11241100x8000000000000000525723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2ff8c629d179132021-12-21 11:24:17.194root 11241100x8000000000000000525724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2a3c5fcb0959942021-12-21 11:24:17.194root 11241100x8000000000000000525725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c641e3161f507a52021-12-21 11:24:17.693root 11241100x8000000000000000525726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f700e8f25c4ad02021-12-21 11:24:17.693root 11241100x8000000000000000525727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d693ace8a5e5202021-12-21 11:24:17.693root 11241100x8000000000000000525728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ab7c981602bed42021-12-21 11:24:17.693root 11241100x8000000000000000525729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2682005f2c2ae9562021-12-21 11:24:17.693root 11241100x8000000000000000525730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25020a6906d258322021-12-21 11:24:17.693root 11241100x8000000000000000525731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c80987c666348a2021-12-21 11:24:17.694root 11241100x8000000000000000525732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753d2582e2b01f782021-12-21 11:24:17.694root 11241100x8000000000000000525733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a876c38e88c2a42021-12-21 11:24:17.694root 354300x8000000000000000525734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.024{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48488-false10.0.1.12-8000- 11241100x8000000000000000525735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a63016efbbff6722021-12-21 11:24:18.025root 11241100x8000000000000000525736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27134d043e363b292021-12-21 11:24:18.026root 11241100x8000000000000000525737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed237f4500c2f8d52021-12-21 11:24:18.026root 11241100x8000000000000000525738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eb126cf6e05a862021-12-21 11:24:18.026root 11241100x8000000000000000525739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b474be1408c6dd7b2021-12-21 11:24:18.026root 11241100x8000000000000000525740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f953c05305d36a822021-12-21 11:24:18.026root 11241100x8000000000000000525741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc8ea8694d882682021-12-21 11:24:18.026root 11241100x8000000000000000525742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cea81b6583265b2021-12-21 11:24:18.026root 11241100x8000000000000000525743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3ab2e4ce7800f32021-12-21 11:24:18.026root 11241100x8000000000000000525744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af94e8975c372f812021-12-21 11:24:18.026root 11241100x8000000000000000525745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80afad5d5ec7a892021-12-21 11:24:18.026root 11241100x8000000000000000525746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99534c39b30968bb2021-12-21 11:24:18.443root 11241100x8000000000000000525747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8914ff2b4ea702d72021-12-21 11:24:18.443root 11241100x8000000000000000525748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965d3c6d611b1c0a2021-12-21 11:24:18.444root 11241100x8000000000000000525749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e01ed5a921d8f42021-12-21 11:24:18.444root 11241100x8000000000000000525750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec52f463dffc5bbb2021-12-21 11:24:18.444root 11241100x8000000000000000525751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e8533de085905f2021-12-21 11:24:18.444root 11241100x8000000000000000525752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8cbb05ec611c232021-12-21 11:24:18.444root 11241100x8000000000000000525753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf46fb4c513a5f62021-12-21 11:24:18.444root 11241100x8000000000000000525754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db0787fa597b46f2021-12-21 11:24:18.444root 11241100x8000000000000000525755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b683004ba9397a2c2021-12-21 11:24:18.444root 11241100x8000000000000000525756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d66403971a73082021-12-21 11:24:18.943root 11241100x8000000000000000525757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7f4854008255a72021-12-21 11:24:18.943root 11241100x8000000000000000525758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b1d151e7e591c72021-12-21 11:24:18.943root 11241100x8000000000000000525759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdb4a01b0b364fc2021-12-21 11:24:18.943root 11241100x8000000000000000525760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3dc624c713e6d42021-12-21 11:24:18.943root 11241100x8000000000000000525761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa22e8c417dca242021-12-21 11:24:18.944root 11241100x8000000000000000525762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948077db054f6b1e2021-12-21 11:24:18.944root 11241100x8000000000000000525763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daad618c34e7f3b92021-12-21 11:24:18.944root 11241100x8000000000000000525764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ecad57d731d3e2021-12-21 11:24:18.944root 11241100x8000000000000000525765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf130bf54c7c48072021-12-21 11:24:18.944root 11241100x8000000000000000525766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6942ac9f6292432021-12-21 11:24:19.443root 11241100x8000000000000000525767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aaea4a8dfa6210f2021-12-21 11:24:19.443root 11241100x8000000000000000525768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686333781d0dd92b2021-12-21 11:24:19.443root 11241100x8000000000000000525769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4506181b3827802021-12-21 11:24:19.443root 11241100x8000000000000000525770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad81390f1d623a62021-12-21 11:24:19.443root 11241100x8000000000000000525771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f90724fcfa5ca62021-12-21 11:24:19.443root 11241100x8000000000000000525772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d359262e8b9a5b2021-12-21 11:24:19.443root 11241100x8000000000000000525773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8532827cffbc2db82021-12-21 11:24:19.443root 11241100x8000000000000000525774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f867d8610185cf1e2021-12-21 11:24:19.443root 11241100x8000000000000000525775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31832e8acb8c190d2021-12-21 11:24:19.444root 11241100x8000000000000000525776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17069ee8d125f142021-12-21 11:24:19.943root 11241100x8000000000000000525777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de6928af5b5af222021-12-21 11:24:19.943root 11241100x8000000000000000525778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48a704cc1fd1032021-12-21 11:24:19.943root 11241100x8000000000000000525779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370e463e6a1bef962021-12-21 11:24:19.943root 11241100x8000000000000000525780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c3f9f1c39fc02a2021-12-21 11:24:19.943root 11241100x8000000000000000525781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db5d5d1afb3a6242021-12-21 11:24:19.943root 11241100x8000000000000000525782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598e29a5aab18f0b2021-12-21 11:24:19.943root 11241100x8000000000000000525783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c1b5231e0c0cf22021-12-21 11:24:19.943root 11241100x8000000000000000525784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7f6656fae123332021-12-21 11:24:19.944root 11241100x8000000000000000525785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f52122b133c2eb2021-12-21 11:24:19.944root 11241100x8000000000000000525786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9005f7205cb75e2021-12-21 11:24:20.443root 11241100x8000000000000000525787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd434c715546e0812021-12-21 11:24:20.443root 11241100x8000000000000000525788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0afb68d3f43cec2021-12-21 11:24:20.443root 11241100x8000000000000000525789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efcf2ade6e771cc2021-12-21 11:24:20.443root 11241100x8000000000000000525790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be90119e8107ddcf2021-12-21 11:24:20.443root 11241100x8000000000000000525791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc39e3526e0e87f2021-12-21 11:24:20.443root 11241100x8000000000000000525792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6a8d92ebf0795e2021-12-21 11:24:20.443root 11241100x8000000000000000525793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5686406d55bcb5de2021-12-21 11:24:20.444root 11241100x8000000000000000525794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2450000b30729de12021-12-21 11:24:20.444root 11241100x8000000000000000525795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fc55936dbbb1e72021-12-21 11:24:20.444root 11241100x8000000000000000525796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceb5179d2a6bbdc2021-12-21 11:24:20.943root 11241100x8000000000000000525797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2226b2aec2f4f3292021-12-21 11:24:20.943root 11241100x8000000000000000525798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4176cf067a66c572021-12-21 11:24:20.943root 11241100x8000000000000000525799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba10d905d93c2cc72021-12-21 11:24:20.943root 11241100x8000000000000000525800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883a32da6e4562112021-12-21 11:24:20.943root 11241100x8000000000000000525801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9415f907ffcdf32021-12-21 11:24:20.943root 11241100x8000000000000000525802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d3a979a0c004ec2021-12-21 11:24:20.943root 11241100x8000000000000000525803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64687180a4f807772021-12-21 11:24:20.943root 11241100x8000000000000000525804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3ab6fe36f4c8482021-12-21 11:24:20.943root 11241100x8000000000000000525805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6694ef8c968a4012021-12-21 11:24:20.944root 11241100x8000000000000000525806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c20ef300d600d092021-12-21 11:24:21.443root 11241100x8000000000000000525807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f30cdff0204d782021-12-21 11:24:21.443root 11241100x8000000000000000525808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fb7cb707983ee12021-12-21 11:24:21.443root 11241100x8000000000000000525809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6112423445036ef32021-12-21 11:24:21.443root 11241100x8000000000000000525810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427baff77ca21e562021-12-21 11:24:21.443root 11241100x8000000000000000525811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a006a2b608a406072021-12-21 11:24:21.443root 11241100x8000000000000000525812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaca487323876ca2021-12-21 11:24:21.443root 11241100x8000000000000000525813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6898dde6a436835b2021-12-21 11:24:21.443root 11241100x8000000000000000525814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb612a68c3ca19a2021-12-21 11:24:21.444root 11241100x8000000000000000525815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d011c56a8a6162f2021-12-21 11:24:21.444root 11241100x8000000000000000525816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac0fe30a3cd82d92021-12-21 11:24:21.943root 11241100x8000000000000000525817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4272366fbb99cfb2021-12-21 11:24:21.943root 11241100x8000000000000000525818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4d2433d603dc6c2021-12-21 11:24:21.943root 11241100x8000000000000000525819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b54d8be1210da12021-12-21 11:24:21.943root 11241100x8000000000000000525820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bd34fdd3fc6cab2021-12-21 11:24:21.943root 11241100x8000000000000000525821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29460b9836dea132021-12-21 11:24:21.943root 11241100x8000000000000000525822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f72240b72d9ed2021-12-21 11:24:21.943root 11241100x8000000000000000525823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a47435618efc30d2021-12-21 11:24:21.943root 11241100x8000000000000000525824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ce7050341f26b82021-12-21 11:24:21.944root 11241100x8000000000000000525825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5036cc64bb4d562021-12-21 11:24:21.944root 11241100x8000000000000000525826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc87659614c56ce02021-12-21 11:24:22.443root 11241100x8000000000000000525827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03002900f4ff8a822021-12-21 11:24:22.443root 11241100x8000000000000000525828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ce4b36ba8a759a2021-12-21 11:24:22.443root 11241100x8000000000000000525829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed558eccfe9ce62021-12-21 11:24:22.443root 11241100x8000000000000000525830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2776789869d46a2021-12-21 11:24:22.443root 11241100x8000000000000000525831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31b72713d48fbc02021-12-21 11:24:22.443root 11241100x8000000000000000525832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bf196aea9fb8962021-12-21 11:24:22.444root 11241100x8000000000000000525833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54758691b97c912021-12-21 11:24:22.444root 11241100x8000000000000000525834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54de0ad38b28ae3a2021-12-21 11:24:22.444root 11241100x8000000000000000525835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8420579ec663477c2021-12-21 11:24:22.444root 11241100x8000000000000000525836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039e83df328743162021-12-21 11:24:22.943root 11241100x8000000000000000525837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb47959d9d7d20c2021-12-21 11:24:22.943root 11241100x8000000000000000525838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418292e84535a1322021-12-21 11:24:22.943root 11241100x8000000000000000525839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8396920f89c7a382021-12-21 11:24:22.943root 11241100x8000000000000000525840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc05c06cea79eb102021-12-21 11:24:22.943root 11241100x8000000000000000525841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5962a7b9b58608042021-12-21 11:24:22.943root 11241100x8000000000000000525842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4016125bc2a1b3e2021-12-21 11:24:22.944root 11241100x8000000000000000525843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14fa04fda47a3a32021-12-21 11:24:22.944root 11241100x8000000000000000525844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292c02e7b2d537e2021-12-21 11:24:22.944root 11241100x8000000000000000525845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3f4e1b541823df2021-12-21 11:24:22.944root 354300x8000000000000000525846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.095{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48490-false10.0.1.12-8000- 11241100x8000000000000000525847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c946fbda804b6252021-12-21 11:24:23.443root 11241100x8000000000000000525848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf4fcce27f964592021-12-21 11:24:23.443root 11241100x8000000000000000525849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d9ce1d186783ac2021-12-21 11:24:23.443root 11241100x8000000000000000525850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397762f2db2789682021-12-21 11:24:23.443root 11241100x8000000000000000525851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c6399adccdc29d2021-12-21 11:24:23.443root 11241100x8000000000000000525852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5553b7b4224705332021-12-21 11:24:23.443root 11241100x8000000000000000525853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c5f32b3205ec52021-12-21 11:24:23.443root 11241100x8000000000000000525854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d164bc31410ae02021-12-21 11:24:23.444root 11241100x8000000000000000525855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076321ab86b36d822021-12-21 11:24:23.444root 11241100x8000000000000000525856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af6a2a5a46520f02021-12-21 11:24:23.444root 11241100x8000000000000000525857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ce51f1788523612021-12-21 11:24:23.444root 11241100x8000000000000000525858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9261f72d6ea39d9d2021-12-21 11:24:23.943root 11241100x8000000000000000525859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab5db3de1066e3e2021-12-21 11:24:23.943root 11241100x8000000000000000525860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2361a879fb32f4922021-12-21 11:24:23.943root 11241100x8000000000000000525861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c63a0cb6319b6b2021-12-21 11:24:23.943root 11241100x8000000000000000525862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f6193b50177d4b2021-12-21 11:24:23.943root 11241100x8000000000000000525863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d537fc5a02deace22021-12-21 11:24:23.943root 11241100x8000000000000000525864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1370b1e9d6adcfb72021-12-21 11:24:23.943root 11241100x8000000000000000525865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d0b5bddeb5f4732021-12-21 11:24:23.943root 11241100x8000000000000000525866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bef8282251701932021-12-21 11:24:23.944root 11241100x8000000000000000525867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28f5f8a0a208a3c2021-12-21 11:24:23.944root 11241100x8000000000000000525868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05d6142f46c32462021-12-21 11:24:23.944root 11241100x8000000000000000525869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2a9464ac3595b32021-12-21 11:24:24.443root 11241100x8000000000000000525870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547ddaf61e0abd5d2021-12-21 11:24:24.443root 11241100x8000000000000000525871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ef6b339e437e02021-12-21 11:24:24.443root 11241100x8000000000000000525872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fdbc1f53c623c02021-12-21 11:24:24.443root 11241100x8000000000000000525873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bebad006bcecd62021-12-21 11:24:24.443root 11241100x8000000000000000525874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfa68c5a2a767cc2021-12-21 11:24:24.443root 11241100x8000000000000000525875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47db414613d80ce2021-12-21 11:24:24.443root 11241100x8000000000000000525876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9336844322647e152021-12-21 11:24:24.443root 11241100x8000000000000000525877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6b88a2e4ea75f02021-12-21 11:24:24.443root 11241100x8000000000000000525878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4d692dc34c52a92021-12-21 11:24:24.444root 11241100x8000000000000000525879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8118f16f9f45ccfb2021-12-21 11:24:24.444root 11241100x8000000000000000525880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23d4086de5780022021-12-21 11:24:24.943root 11241100x8000000000000000525881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c8393319ef0e802021-12-21 11:24:24.943root 11241100x8000000000000000525882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7fcde42663c30b2021-12-21 11:24:24.943root 11241100x8000000000000000525883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a162f75ecf2f41f2021-12-21 11:24:24.943root 11241100x8000000000000000525884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f35945744db4a12021-12-21 11:24:24.943root 11241100x8000000000000000525885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cd018e0cb9fb202021-12-21 11:24:24.943root 11241100x8000000000000000525886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b395a2d082033812021-12-21 11:24:24.943root 11241100x8000000000000000525887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6433895babd4852021-12-21 11:24:24.943root 11241100x8000000000000000525888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541518cb779bd4c42021-12-21 11:24:24.943root 11241100x8000000000000000525889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb7d78861dec1842021-12-21 11:24:24.943root 11241100x8000000000000000525890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77d94c3a8370e7a2021-12-21 11:24:24.944root 11241100x8000000000000000525891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0eefb7dba9e6062021-12-21 11:24:25.443root 11241100x8000000000000000525892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b02da517f89847d2021-12-21 11:24:25.443root 11241100x8000000000000000525893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6134dd84b4e669792021-12-21 11:24:25.443root 11241100x8000000000000000525894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb627e3373cb416f2021-12-21 11:24:25.443root 11241100x8000000000000000525895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64404c99f3cdc072021-12-21 11:24:25.443root 11241100x8000000000000000525896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040952e9ce8f7cb2021-12-21 11:24:25.443root 11241100x8000000000000000525897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44692ad8ae96ba2021-12-21 11:24:25.443root 11241100x8000000000000000525898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea71c2038384b402021-12-21 11:24:25.443root 11241100x8000000000000000525899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568630ca2c61698f2021-12-21 11:24:25.444root 11241100x8000000000000000525900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecdc23bd9b60a742021-12-21 11:24:25.444root 11241100x8000000000000000525901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2aa508b7f5068c2021-12-21 11:24:25.444root 354300x8000000000000000525902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.444{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35556-false10.0.1.12-8089- 11241100x8000000000000000525903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eee62b9baddad192021-12-21 11:24:25.943root 11241100x8000000000000000525904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b0f8f4f39f379d2021-12-21 11:24:25.943root 11241100x8000000000000000525905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02500094bc051b202021-12-21 11:24:25.943root 11241100x8000000000000000525906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7b010115cf987d2021-12-21 11:24:25.943root 11241100x8000000000000000525907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a1790dc6909f2e2021-12-21 11:24:25.943root 11241100x8000000000000000525908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c552abc78ec363272021-12-21 11:24:25.943root 11241100x8000000000000000525909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d4e7c49b2a86d12021-12-21 11:24:25.943root 11241100x8000000000000000525910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52caffa090306c302021-12-21 11:24:25.943root 11241100x8000000000000000525911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ffd74c90906cad2021-12-21 11:24:25.944root 11241100x8000000000000000525912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b79de6f3221ef72021-12-21 11:24:25.944root 11241100x8000000000000000525913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1daff776f6b20e2021-12-21 11:24:25.944root 11241100x8000000000000000525914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5480256351b93d312021-12-21 11:24:25.944root 11241100x8000000000000000525915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352d2c7f980eddf52021-12-21 11:24:26.443root 11241100x8000000000000000525916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fbaccdd08c145e2021-12-21 11:24:26.443root 11241100x8000000000000000525917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c95b49f4c3730c2021-12-21 11:24:26.443root 11241100x8000000000000000525918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420e98d9ff27ab02021-12-21 11:24:26.443root 11241100x8000000000000000525919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ed6e44aaadd46d2021-12-21 11:24:26.443root 11241100x8000000000000000525920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3486dd7f370c9602021-12-21 11:24:26.443root 11241100x8000000000000000525921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773b519b36f3cab92021-12-21 11:24:26.443root 11241100x8000000000000000525922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c1526f1a32efcb2021-12-21 11:24:26.443root 11241100x8000000000000000525923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a37bcc5eb245202021-12-21 11:24:26.443root 11241100x8000000000000000525924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5307263688ed06c2021-12-21 11:24:26.443root 11241100x8000000000000000525925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caea1eddfc07ca592021-12-21 11:24:26.444root 11241100x8000000000000000525926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6210a1ff7180bfaa2021-12-21 11:24:26.444root 11241100x8000000000000000525927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77b82883cd50e312021-12-21 11:24:26.943root 11241100x8000000000000000525928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8490d8af47f038b2021-12-21 11:24:26.943root 11241100x8000000000000000525929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c79862f026936d72021-12-21 11:24:26.943root 11241100x8000000000000000525930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7212f1dcb92af17e2021-12-21 11:24:26.943root 11241100x8000000000000000525931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773c76a4d8b812dd2021-12-21 11:24:26.943root 11241100x8000000000000000525932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c983059e05cbce2021-12-21 11:24:26.943root 11241100x8000000000000000525933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921e433f6ed063982021-12-21 11:24:26.943root 11241100x8000000000000000525934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1646dc3ec2d1ac2021-12-21 11:24:26.943root 11241100x8000000000000000525935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cec053f19f3faf2021-12-21 11:24:26.943root 11241100x8000000000000000525936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efd021ca32052462021-12-21 11:24:26.944root 11241100x8000000000000000525937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05045e32582e044c2021-12-21 11:24:26.944root 11241100x8000000000000000525938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3384adf07cb535172021-12-21 11:24:26.944root 11241100x8000000000000000525939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7ae56c816528552021-12-21 11:24:27.443root 11241100x8000000000000000525940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aaf74298ea4bd62021-12-21 11:24:27.443root 11241100x8000000000000000525941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc903563f62792472021-12-21 11:24:27.443root 11241100x8000000000000000525942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb8760d9fbe44262021-12-21 11:24:27.443root 11241100x8000000000000000525943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c11aef9889f13842021-12-21 11:24:27.443root 11241100x8000000000000000525944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6c86e5aad8f7af2021-12-21 11:24:27.443root 11241100x8000000000000000525945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d9d300ca42c2d2021-12-21 11:24:27.443root 11241100x8000000000000000525946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d6ac712a670e412021-12-21 11:24:27.443root 11241100x8000000000000000525947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77e11796303df72021-12-21 11:24:27.443root 11241100x8000000000000000525948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0d18afcc8030432021-12-21 11:24:27.444root 11241100x8000000000000000525949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8a18cecc854f22021-12-21 11:24:27.444root 11241100x8000000000000000525950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7b16618171bbfb2021-12-21 11:24:27.444root 11241100x8000000000000000525951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c65c61cd21966b2021-12-21 11:24:27.943root 11241100x8000000000000000525952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d05435d110cbb82021-12-21 11:24:27.943root 11241100x8000000000000000525953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458bb1cbd775d9972021-12-21 11:24:27.943root 11241100x8000000000000000525954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa6ec31ab0bbd552021-12-21 11:24:27.943root 11241100x8000000000000000525955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1991ae3c5f0f472021-12-21 11:24:27.943root 11241100x8000000000000000525956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc590686e88eba62021-12-21 11:24:27.943root 11241100x8000000000000000525957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed94a1fd253d69d52021-12-21 11:24:27.943root 11241100x8000000000000000525958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc2c9001ae278d82021-12-21 11:24:27.943root 11241100x8000000000000000525959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6761b7de69ba5a9c2021-12-21 11:24:27.943root 11241100x8000000000000000525960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c246029d7030af2021-12-21 11:24:27.944root 11241100x8000000000000000525961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3741b90c13f532bd2021-12-21 11:24:27.944root 11241100x8000000000000000525962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167b9bd517db24842021-12-21 11:24:27.944root 354300x8000000000000000525963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.232{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48494-false10.0.1.12-8000- 11241100x8000000000000000525964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4a9178a1695a512021-12-21 11:24:28.232root 11241100x8000000000000000525965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc8e7c3227cf4262021-12-21 11:24:28.232root 11241100x8000000000000000525966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96470ef0b268eb82021-12-21 11:24:28.233root 11241100x8000000000000000525967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140b06f8c2cd4e842021-12-21 11:24:28.233root 11241100x8000000000000000525968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc593bbb2c14ec682021-12-21 11:24:28.233root 11241100x8000000000000000525969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a717d04e2a41bd02021-12-21 11:24:28.233root 11241100x8000000000000000525970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b2f65700a3b9172021-12-21 11:24:28.233root 11241100x8000000000000000525971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f619e57b770c5252021-12-21 11:24:28.233root 11241100x8000000000000000525972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97e7fa218eb9c52021-12-21 11:24:28.234root 11241100x8000000000000000525973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1bc6e4c5734e4e2021-12-21 11:24:28.234root 11241100x8000000000000000525974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5890b11a04ae54402021-12-21 11:24:28.234root 11241100x8000000000000000525975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096f52f21a9e11cf2021-12-21 11:24:28.234root 11241100x8000000000000000525976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df76a1d2fc5f55a02021-12-21 11:24:28.234root 11241100x8000000000000000525977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afe4b0eb31c8ec32021-12-21 11:24:28.693root 11241100x8000000000000000525978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b836e5b5aefa7a2021-12-21 11:24:28.693root 11241100x8000000000000000525979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed1b5db9b28ea002021-12-21 11:24:28.693root 11241100x8000000000000000525980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db4e43e702bad922021-12-21 11:24:28.693root 11241100x8000000000000000525981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3f2c035e9a0ba22021-12-21 11:24:28.693root 11241100x8000000000000000525982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa9c993568b43762021-12-21 11:24:28.693root 11241100x8000000000000000525983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd160fa42ce8247a2021-12-21 11:24:28.693root 11241100x8000000000000000525984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3d7e4d0742de632021-12-21 11:24:28.694root 11241100x8000000000000000525985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d90fbe25c82bda2021-12-21 11:24:28.694root 11241100x8000000000000000525986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10649bd5c5188f22021-12-21 11:24:28.694root 11241100x8000000000000000525987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd6bf57567e0a7c2021-12-21 11:24:28.694root 11241100x8000000000000000525988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a16c226a8b05b22021-12-21 11:24:28.694root 11241100x8000000000000000525989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d1eb39e21599022021-12-21 11:24:28.694root 11241100x8000000000000000525990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eb50f040541e002021-12-21 11:24:29.193root 11241100x8000000000000000525991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740700e502b481542021-12-21 11:24:29.193root 11241100x8000000000000000525992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaebd7a7eaf01272021-12-21 11:24:29.193root 11241100x8000000000000000525993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043cbb6d2cc0718e2021-12-21 11:24:29.193root 11241100x8000000000000000525994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a89a0fbcb9b3bcd2021-12-21 11:24:29.193root 11241100x8000000000000000525995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f56a7ee760889532021-12-21 11:24:29.193root 11241100x8000000000000000525996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f81299aca89bb5f2021-12-21 11:24:29.193root 11241100x8000000000000000525997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf0c125566bc02b2021-12-21 11:24:29.193root 11241100x8000000000000000525998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45dc8368f93cf492021-12-21 11:24:29.194root 11241100x8000000000000000525999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c166e5ae01530ef2021-12-21 11:24:29.194root 11241100x8000000000000000526000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5759947492cb20d72021-12-21 11:24:29.194root 11241100x8000000000000000526001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045cff046b16c362021-12-21 11:24:29.194root 11241100x8000000000000000526002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56bee1331ae82d42021-12-21 11:24:29.194root 11241100x8000000000000000526003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdba37e361f94812021-12-21 11:24:29.693root 11241100x8000000000000000526004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2851c9af651de87b2021-12-21 11:24:29.693root 11241100x8000000000000000526005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ae3a44510f589d2021-12-21 11:24:29.693root 11241100x8000000000000000526006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c67e7a58919c39c2021-12-21 11:24:29.694root 11241100x8000000000000000526007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795443858f84136b2021-12-21 11:24:29.694root 11241100x8000000000000000526008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69eece9f8a568a62021-12-21 11:24:29.694root 11241100x8000000000000000526009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69391bc750e16b262021-12-21 11:24:29.695root 11241100x8000000000000000526010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe630ce2d647dc292021-12-21 11:24:29.695root 11241100x8000000000000000526011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eceb03b053e6afef2021-12-21 11:24:29.695root 11241100x8000000000000000526012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc42ceb636b29ce72021-12-21 11:24:29.695root 11241100x8000000000000000526013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6745adb943e9712021-12-21 11:24:29.695root 11241100x8000000000000000526014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e067fa0fe9a31dfa2021-12-21 11:24:29.695root 11241100x8000000000000000526015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240d8f0768d0e3072021-12-21 11:24:29.696root 11241100x8000000000000000526016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8943f3c16f25362021-12-21 11:24:30.193root 11241100x8000000000000000526017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ab41ccca6cd7772021-12-21 11:24:30.193root 11241100x8000000000000000526018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c7e7151df8888b2021-12-21 11:24:30.193root 11241100x8000000000000000526019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8f6a702ff81af52021-12-21 11:24:30.193root 11241100x8000000000000000526020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8658ef32e60d63b2021-12-21 11:24:30.194root 11241100x8000000000000000526021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93ae9ef27e5da7f2021-12-21 11:24:30.194root 11241100x8000000000000000526022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af38692c4999a9c2021-12-21 11:24:30.194root 11241100x8000000000000000526023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d65f96920de16d2021-12-21 11:24:30.194root 11241100x8000000000000000526024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc137193ea9c32e72021-12-21 11:24:30.194root 11241100x8000000000000000526025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304f02d3b75696202021-12-21 11:24:30.194root 11241100x8000000000000000526026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218ba582f466ec812021-12-21 11:24:30.195root 11241100x8000000000000000526027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00800c08ef74bed2021-12-21 11:24:30.195root 11241100x8000000000000000526028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0018ace40741ea492021-12-21 11:24:30.195root 11241100x8000000000000000526029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86de98219fa3928f2021-12-21 11:24:30.693root 11241100x8000000000000000526030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caec17ede91291262021-12-21 11:24:30.693root 11241100x8000000000000000526031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19974b198f19e912021-12-21 11:24:30.693root 11241100x8000000000000000526032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5daa1b0dac2947c2021-12-21 11:24:30.693root 11241100x8000000000000000526033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0870c79a66eccb2021-12-21 11:24:30.694root 11241100x8000000000000000526034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5408d5d17345a4d2021-12-21 11:24:30.694root 11241100x8000000000000000526035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3928834714ca7b8f2021-12-21 11:24:30.694root 11241100x8000000000000000526036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ede7246514c9c12021-12-21 11:24:30.694root 11241100x8000000000000000526037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106189d2b96751032021-12-21 11:24:30.694root 11241100x8000000000000000526038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94928f3141645d942021-12-21 11:24:30.694root 11241100x8000000000000000526039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca62d3609d371fc2021-12-21 11:24:30.695root 11241100x8000000000000000526040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa00d2ebc8803c92021-12-21 11:24:30.695root 11241100x8000000000000000526041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3557ff2ffee2782021-12-21 11:24:30.695root 11241100x8000000000000000526042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8144216be66662c22021-12-21 11:24:31.193root 11241100x8000000000000000526043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270158cd1e9aa5802021-12-21 11:24:31.193root 11241100x8000000000000000526044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa85aadc4f053bf2021-12-21 11:24:31.193root 11241100x8000000000000000526045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a3ae2588e105982021-12-21 11:24:31.193root 11241100x8000000000000000526046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f98b22b88a0642021-12-21 11:24:31.193root 11241100x8000000000000000526047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335911a9e9f2df382021-12-21 11:24:31.193root 11241100x8000000000000000526048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53550793f4ae4eed2021-12-21 11:24:31.193root 11241100x8000000000000000526049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c998fcab2a27e2021-12-21 11:24:31.194root 11241100x8000000000000000526050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b319c1563789fe2021-12-21 11:24:31.194root 11241100x8000000000000000526051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2166f3e84e08358c2021-12-21 11:24:31.194root 11241100x8000000000000000526052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284faf77c16942f12021-12-21 11:24:31.194root 11241100x8000000000000000526053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998d6e6aadfe24d92021-12-21 11:24:31.194root 11241100x8000000000000000526054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad33280723a2225a2021-12-21 11:24:31.194root 11241100x8000000000000000526055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a7fc4d8499f7c92021-12-21 11:24:31.693root 11241100x8000000000000000526056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1179482357616d762021-12-21 11:24:31.693root 11241100x8000000000000000526057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b9342c1e877fc92021-12-21 11:24:31.693root 11241100x8000000000000000526058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9657482a7f57a5762021-12-21 11:24:31.693root 11241100x8000000000000000526059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25960a286d3695a2021-12-21 11:24:31.694root 11241100x8000000000000000526060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c60dda289f2aaa02021-12-21 11:24:31.694root 11241100x8000000000000000526061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae850e6c3db299a2021-12-21 11:24:31.694root 11241100x8000000000000000526062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43d743b3c6b31cc2021-12-21 11:24:31.694root 11241100x8000000000000000526063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c271df23b51442021-12-21 11:24:31.694root 11241100x8000000000000000526064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eed80e557cdf482021-12-21 11:24:31.695root 11241100x8000000000000000526065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e502ead67f59d42021-12-21 11:24:31.695root 11241100x8000000000000000526066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a41e49ffa93b222021-12-21 11:24:31.695root 11241100x8000000000000000526067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8644722b7885b22021-12-21 11:24:31.695root 11241100x8000000000000000526068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b103adc33f66692021-12-21 11:24:32.193root 11241100x8000000000000000526069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e8e6d3538f07d32021-12-21 11:24:32.193root 11241100x8000000000000000526070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb312e13470b04752021-12-21 11:24:32.193root 11241100x8000000000000000526071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5966df5b5aabde2021-12-21 11:24:32.193root 11241100x8000000000000000526072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe22ba92dba88e2021-12-21 11:24:32.193root 11241100x8000000000000000526073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f268d497e222cd42021-12-21 11:24:32.193root 11241100x8000000000000000526074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2675cac292f3462021-12-21 11:24:32.194root 11241100x8000000000000000526075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b151e25ce0324f22021-12-21 11:24:32.194root 11241100x8000000000000000526076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4807801bb893332021-12-21 11:24:32.194root 11241100x8000000000000000526077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891f3162084ce242021-12-21 11:24:32.194root 11241100x8000000000000000526078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189666a19054fc22021-12-21 11:24:32.194root 11241100x8000000000000000526079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67722669467866462021-12-21 11:24:32.194root 11241100x8000000000000000526080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd1e5d2a3de7d2e2021-12-21 11:24:32.194root 11241100x8000000000000000526081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d80760aab4043ce2021-12-21 11:24:32.693root 11241100x8000000000000000526082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb7daffa2767ca42021-12-21 11:24:32.693root 11241100x8000000000000000526083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d86578a3f79eef2021-12-21 11:24:32.693root 11241100x8000000000000000526084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ff2779a16c5e3a2021-12-21 11:24:32.693root 11241100x8000000000000000526085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476032c5144477d82021-12-21 11:24:32.693root 11241100x8000000000000000526086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb47025d176f1a022021-12-21 11:24:32.693root 11241100x8000000000000000526087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583fd92674071a8e2021-12-21 11:24:32.693root 11241100x8000000000000000526088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8672f02a54ac01ec2021-12-21 11:24:32.693root 11241100x8000000000000000526089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeffa0b4a1d4ff6b2021-12-21 11:24:32.694root 11241100x8000000000000000526090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4e86f21d569d662021-12-21 11:24:32.694root 11241100x8000000000000000526091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d4a748f085c3ee2021-12-21 11:24:32.694root 11241100x8000000000000000526092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d973b1082deec2b2021-12-21 11:24:32.694root 11241100x8000000000000000526093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b49744bd4c186b52021-12-21 11:24:32.694root 11241100x8000000000000000526094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c0e879250676ed2021-12-21 11:24:33.193root 11241100x8000000000000000526095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc79c9e835f602862021-12-21 11:24:33.193root 11241100x8000000000000000526096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ed32a25491f9982021-12-21 11:24:33.193root 11241100x8000000000000000526097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8573287f234d1b3e2021-12-21 11:24:33.193root 11241100x8000000000000000526098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e693ec207c03f6532021-12-21 11:24:33.193root 11241100x8000000000000000526099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923c51607ff0b4c52021-12-21 11:24:33.193root 11241100x8000000000000000526100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a64a867891066f02021-12-21 11:24:33.194root 11241100x8000000000000000526101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5f97eb6f1750272021-12-21 11:24:33.194root 11241100x8000000000000000526102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2b70e079aedc6b2021-12-21 11:24:33.194root 11241100x8000000000000000526103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cf4111f01ac6712021-12-21 11:24:33.194root 11241100x8000000000000000526104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71159f1254af148f2021-12-21 11:24:33.194root 11241100x8000000000000000526105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa4bd59823964162021-12-21 11:24:33.194root 11241100x8000000000000000526106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a381637bc8c9fa2021-12-21 11:24:33.194root 11241100x8000000000000000526107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e0933e461ddf522021-12-21 11:24:33.693root 11241100x8000000000000000526108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b1c6e7a71a6d5c2021-12-21 11:24:33.693root 11241100x8000000000000000526109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770ada7a12f3e3c72021-12-21 11:24:33.693root 11241100x8000000000000000526110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe35d385fa53c6ce2021-12-21 11:24:33.694root 11241100x8000000000000000526111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b89f8e811c5bb72021-12-21 11:24:33.694root 11241100x8000000000000000526112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5003ea5f730948ef2021-12-21 11:24:33.694root 11241100x8000000000000000526113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93af2b8de0cf1e7e2021-12-21 11:24:33.694root 11241100x8000000000000000526114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1734e0e46bfec8402021-12-21 11:24:33.694root 11241100x8000000000000000526115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbde9d1fcf3be91a2021-12-21 11:24:33.694root 11241100x8000000000000000526116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c466b4528f699602021-12-21 11:24:33.694root 11241100x8000000000000000526117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1054f91ab0c144782021-12-21 11:24:33.694root 11241100x8000000000000000526118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a550a48431c2d3612021-12-21 11:24:33.694root 11241100x8000000000000000526119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feb7d77e2497ec42021-12-21 11:24:33.694root 354300x8000000000000000526120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.035{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48496-false10.0.1.12-8000- 11241100x8000000000000000526121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426585d7611640102021-12-21 11:24:34.037root 11241100x8000000000000000526122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61ca4a9886ea55e2021-12-21 11:24:34.037root 11241100x8000000000000000526123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60d99d85858c772021-12-21 11:24:34.037root 11241100x8000000000000000526124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadfad9496967ef82021-12-21 11:24:34.037root 11241100x8000000000000000526125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf41286e78a1d012021-12-21 11:24:34.037root 11241100x8000000000000000526126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b124d306fe1e5ee52021-12-21 11:24:34.037root 11241100x8000000000000000526127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a05982fb14abcd2021-12-21 11:24:34.037root 11241100x8000000000000000526128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d8ec3036a593af2021-12-21 11:24:34.037root 11241100x8000000000000000526129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5af41ef80cf70a2021-12-21 11:24:34.037root 11241100x8000000000000000526130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b5886ac936189e2021-12-21 11:24:34.037root 11241100x8000000000000000526131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20feb67a6d79c18d2021-12-21 11:24:34.038root 11241100x8000000000000000526132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55394a92972bd5db2021-12-21 11:24:34.038root 11241100x8000000000000000526133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abf69aa0f58778f2021-12-21 11:24:34.038root 11241100x8000000000000000526134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07cc03248d0693a2021-12-21 11:24:34.038root 11241100x8000000000000000526135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83ea4096889d66e2021-12-21 11:24:34.443root 11241100x8000000000000000526136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b37e315354388c02021-12-21 11:24:34.443root 11241100x8000000000000000526137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c683f656f08e0432021-12-21 11:24:34.443root 11241100x8000000000000000526138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd675af2213b5d112021-12-21 11:24:34.443root 11241100x8000000000000000526139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3991ec44397c552021-12-21 11:24:34.443root 11241100x8000000000000000526140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba57700733845012021-12-21 11:24:34.443root 11241100x8000000000000000526141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c270308b16197c2021-12-21 11:24:34.443root 11241100x8000000000000000526142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8259f06669d9744a2021-12-21 11:24:34.443root 11241100x8000000000000000526143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4272e21431f5117c2021-12-21 11:24:34.444root 11241100x8000000000000000526144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aca23de5d3c5512021-12-21 11:24:34.444root 11241100x8000000000000000526145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49d6756acfae3b2021-12-21 11:24:34.444root 11241100x8000000000000000526146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e933a28b10b3a21f2021-12-21 11:24:34.444root 11241100x8000000000000000526147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a056e3ac064355182021-12-21 11:24:34.444root 11241100x8000000000000000526148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6244943013c34db12021-12-21 11:24:34.444root 11241100x8000000000000000526149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb93e73aa9f6cca2021-12-21 11:24:34.943root 11241100x8000000000000000526150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbc8603db4247fb2021-12-21 11:24:34.943root 11241100x8000000000000000526151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af215c35df86139d2021-12-21 11:24:34.943root 11241100x8000000000000000526152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b6e395a5d6d9872021-12-21 11:24:34.943root 11241100x8000000000000000526153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faa934cc924b1072021-12-21 11:24:34.943root 11241100x8000000000000000526154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1185f99bacd7c5a62021-12-21 11:24:34.943root 11241100x8000000000000000526155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a032d145f79d292021-12-21 11:24:34.943root 11241100x8000000000000000526156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1368591529d81f2021-12-21 11:24:34.943root 11241100x8000000000000000526157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bff7d1646073812021-12-21 11:24:34.944root 11241100x8000000000000000526158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88900999c0c2dfff2021-12-21 11:24:34.944root 11241100x8000000000000000526159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581991479846bf1b2021-12-21 11:24:34.944root 11241100x8000000000000000526160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0601bb590af19f92021-12-21 11:24:34.944root 11241100x8000000000000000526161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbb65844a8e8ce32021-12-21 11:24:34.944root 11241100x8000000000000000526162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c1090e99d64e672021-12-21 11:24:34.944root 11241100x8000000000000000526163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991686616d9ccb92021-12-21 11:24:35.443root 11241100x8000000000000000526164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a1fee7ea40bf52021-12-21 11:24:35.443root 11241100x8000000000000000526165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb96bd94a5ac19b22021-12-21 11:24:35.443root 11241100x8000000000000000526166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5764497bfe4359ca2021-12-21 11:24:35.443root 11241100x8000000000000000526167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01c1b3f3a3b344d2021-12-21 11:24:35.443root 11241100x8000000000000000526168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33db148d4cfc03902021-12-21 11:24:35.443root 11241100x8000000000000000526169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c4df56123f6e662021-12-21 11:24:35.443root 11241100x8000000000000000526170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1208e1d7edfffa282021-12-21 11:24:35.443root 11241100x8000000000000000526171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5eda962dabc5752021-12-21 11:24:35.444root 11241100x8000000000000000526172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3537fe17db4147cc2021-12-21 11:24:35.444root 11241100x8000000000000000526173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82ce375244cc2032021-12-21 11:24:35.444root 11241100x8000000000000000526174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a1c80cd66f7682021-12-21 11:24:35.444root 11241100x8000000000000000526175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6545aa75d5d8849a2021-12-21 11:24:35.444root 11241100x8000000000000000526176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b95089216f2c2b12021-12-21 11:24:35.444root 11241100x8000000000000000526177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e1b5d84d70b27f2021-12-21 11:24:35.943root 11241100x8000000000000000526178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758a5de529eab4b02021-12-21 11:24:35.943root 11241100x8000000000000000526179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe05cdb70d1beb52021-12-21 11:24:35.943root 11241100x8000000000000000526180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796be04b56fd3cb12021-12-21 11:24:35.943root 11241100x8000000000000000526181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b605877c28e470a2021-12-21 11:24:35.944root 11241100x8000000000000000526182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3483edc3b560302021-12-21 11:24:35.944root 11241100x8000000000000000526183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53a05e545626bb22021-12-21 11:24:35.944root 11241100x8000000000000000526184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597c53ec5b5fc9742021-12-21 11:24:35.944root 11241100x8000000000000000526185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0d4fa42592ad172021-12-21 11:24:35.944root 11241100x8000000000000000526186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1528b1acb9139b2021-12-21 11:24:35.944root 11241100x8000000000000000526187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6b86ac95f8e63f2021-12-21 11:24:35.944root 11241100x8000000000000000526188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf34a234f9c037872021-12-21 11:24:35.944root 11241100x8000000000000000526189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bef9c12264593c2021-12-21 11:24:35.944root 11241100x8000000000000000526190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fe41fad72b274c2021-12-21 11:24:35.944root 11241100x8000000000000000526191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:24:36.329root 11241100x8000000000000000526192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0909090d317b0722021-12-21 11:24:36.330root 11241100x8000000000000000526193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c80ec24e294eefa2021-12-21 11:24:36.330root 11241100x8000000000000000526194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb22b92138d605f2021-12-21 11:24:36.330root 11241100x8000000000000000526195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ba28b61c752e62021-12-21 11:24:36.330root 11241100x8000000000000000526196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2452050ee20dbd632021-12-21 11:24:36.330root 11241100x8000000000000000526197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff88a2e4f3c7e7e62021-12-21 11:24:36.330root 11241100x8000000000000000526198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9506fe12e92c777c2021-12-21 11:24:36.330root 11241100x8000000000000000526199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc01512216e31202021-12-21 11:24:36.330root 11241100x8000000000000000526200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8633385cb01a953a2021-12-21 11:24:36.331root 11241100x8000000000000000526201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c0dc220511ef832021-12-21 11:24:36.331root 11241100x8000000000000000526202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705e148455f629372021-12-21 11:24:36.331root 11241100x8000000000000000526203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f83144ac53d86bb2021-12-21 11:24:36.331root 11241100x8000000000000000526204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855dd4385114d3a32021-12-21 11:24:36.331root 11241100x8000000000000000526205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de8e20a3e1187372021-12-21 11:24:36.331root 11241100x8000000000000000526206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffab4fdfaee04de2021-12-21 11:24:36.331root 11241100x8000000000000000526207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0820dfa9d9db442021-12-21 11:24:36.693root 11241100x8000000000000000526208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a7dd0a5f68ad7a2021-12-21 11:24:36.693root 11241100x8000000000000000526209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0571fa18a8560b62021-12-21 11:24:36.693root 11241100x8000000000000000526210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa2b8ba4e9641862021-12-21 11:24:36.693root 11241100x8000000000000000526211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a816637d0eb35f2021-12-21 11:24:36.693root 11241100x8000000000000000526212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7200ead470c73272021-12-21 11:24:36.693root 11241100x8000000000000000526213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc073489a55b7192021-12-21 11:24:36.693root 11241100x8000000000000000526214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed0096ff8ed4e3f2021-12-21 11:24:36.693root 11241100x8000000000000000526215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fcd4205b40a25e2021-12-21 11:24:36.694root 11241100x8000000000000000526216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbe0202aaa6ab742021-12-21 11:24:36.694root 11241100x8000000000000000526217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0e41d24726dd52021-12-21 11:24:36.694root 11241100x8000000000000000526218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb372adda60779b2021-12-21 11:24:36.694root 11241100x8000000000000000526219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18226f3ee899cbd92021-12-21 11:24:36.694root 11241100x8000000000000000526220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91513361d7431d8f2021-12-21 11:24:36.694root 11241100x8000000000000000526221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0c0cb346d2c2672021-12-21 11:24:36.694root 11241100x8000000000000000526222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bdc59d1ce3b3862021-12-21 11:24:37.193root 11241100x8000000000000000526223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a94c777c23feb852021-12-21 11:24:37.193root 11241100x8000000000000000526224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2d164197f4ad9a2021-12-21 11:24:37.193root 11241100x8000000000000000526225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca09ea4ab58793a22021-12-21 11:24:37.193root 11241100x8000000000000000526226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fedf6a847cdcfeb2021-12-21 11:24:37.193root 11241100x8000000000000000526227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116afc11655b36ab2021-12-21 11:24:37.193root 11241100x8000000000000000526228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75092dd39ad78a0a2021-12-21 11:24:37.193root 11241100x8000000000000000526229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbfe060ccceb0172021-12-21 11:24:37.194root 11241100x8000000000000000526230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cda2e41fbf4c202021-12-21 11:24:37.194root 11241100x8000000000000000526231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38137fd70f342412021-12-21 11:24:37.194root 11241100x8000000000000000526232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19d2062c1c587582021-12-21 11:24:37.194root 11241100x8000000000000000526233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f418120b711a8c352021-12-21 11:24:37.194root 11241100x8000000000000000526234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c08b89c9f0995b92021-12-21 11:24:37.194root 11241100x8000000000000000526235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5186b976ba131b42021-12-21 11:24:37.194root 11241100x8000000000000000526236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57dc4f12eafd9702021-12-21 11:24:37.194root 11241100x8000000000000000526237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cd429f1c97a0a92021-12-21 11:24:37.693root 11241100x8000000000000000526238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6ab4ff2076044e2021-12-21 11:24:37.693root 11241100x8000000000000000526239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f9f31a6a10b11f2021-12-21 11:24:37.693root 11241100x8000000000000000526240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05430ee4ea5778ce2021-12-21 11:24:37.693root 11241100x8000000000000000526241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b9bacd9cd1d4672021-12-21 11:24:37.694root 11241100x8000000000000000526242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25979a575d6f59182021-12-21 11:24:37.694root 11241100x8000000000000000526243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac804b274c7b2532021-12-21 11:24:37.694root 11241100x8000000000000000526244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5404f732c925ce2021-12-21 11:24:37.694root 11241100x8000000000000000526245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446986af6307cb32021-12-21 11:24:37.694root 11241100x8000000000000000526246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bbe1634ac1ccf42021-12-21 11:24:37.695root 11241100x8000000000000000526247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41146be186e84b382021-12-21 11:24:37.695root 11241100x8000000000000000526248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbc4c1e8a65a5502021-12-21 11:24:37.695root 11241100x8000000000000000526249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89625cef51c49742021-12-21 11:24:37.695root 11241100x8000000000000000526250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f287f464ca8038572021-12-21 11:24:37.695root 11241100x8000000000000000526251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797c2c737b3b97b72021-12-21 11:24:37.695root 11241100x8000000000000000526252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecefe3a33ae10f612021-12-21 11:24:38.193root 11241100x8000000000000000526253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1e5799f88086392021-12-21 11:24:38.193root 11241100x8000000000000000526254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac560978930ca072021-12-21 11:24:38.193root 11241100x8000000000000000526255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f8d545e6097f382021-12-21 11:24:38.193root 11241100x8000000000000000526256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a76b525dbfab1f2021-12-21 11:24:38.193root 11241100x8000000000000000526257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446523b455af41782021-12-21 11:24:38.194root 11241100x8000000000000000526258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2c4f092603f6542021-12-21 11:24:38.194root 11241100x8000000000000000526259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f038af67f4a225562021-12-21 11:24:38.194root 11241100x8000000000000000526260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c2408e948aa3ac2021-12-21 11:24:38.194root 11241100x8000000000000000526261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7329747c260374c12021-12-21 11:24:38.194root 11241100x8000000000000000526262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a739802f8661f35f2021-12-21 11:24:38.194root 11241100x8000000000000000526263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed3c9e06839121c2021-12-21 11:24:38.194root 11241100x8000000000000000526264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d1888b9f91e5202021-12-21 11:24:38.194root 11241100x8000000000000000526265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b640514f156c9dc32021-12-21 11:24:38.194root 11241100x8000000000000000526266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e3fb8ae7b32ed22021-12-21 11:24:38.194root 11241100x8000000000000000526267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3d6874960d3e712021-12-21 11:24:38.693root 11241100x8000000000000000526268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adb2f9e09ec29fd2021-12-21 11:24:38.693root 11241100x8000000000000000526269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18939ed0cae5bda92021-12-21 11:24:38.693root 11241100x8000000000000000526270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f6d3f5250afbb62021-12-21 11:24:38.693root 11241100x8000000000000000526271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da055347746d9d212021-12-21 11:24:38.693root 11241100x8000000000000000526272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3260bddb7df957f02021-12-21 11:24:38.693root 11241100x8000000000000000526273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9dc1c123f2a98c2021-12-21 11:24:38.693root 11241100x8000000000000000526274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae8b4a8f86c551e2021-12-21 11:24:38.694root 11241100x8000000000000000526275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a393992e46becec2021-12-21 11:24:38.694root 11241100x8000000000000000526276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5ef1de36f259242021-12-21 11:24:38.694root 11241100x8000000000000000526277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e3d5e64038045f2021-12-21 11:24:38.694root 11241100x8000000000000000526278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d667de0a06b04c2021-12-21 11:24:38.694root 11241100x8000000000000000526279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f35e77869d9b3c2021-12-21 11:24:38.694root 11241100x8000000000000000526280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a21b15d27d1ea282021-12-21 11:24:38.694root 11241100x8000000000000000526281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfd9a4548879f9b2021-12-21 11:24:38.694root 354300x8000000000000000526282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.147{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48498-false10.0.1.12-8000- 11241100x8000000000000000526283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a0a59ba8e8dcbe2021-12-21 11:24:39.148root 11241100x8000000000000000526284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f737a47387bbec112021-12-21 11:24:39.148root 11241100x8000000000000000526285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ea0054b70edbc72021-12-21 11:24:39.148root 11241100x8000000000000000526286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4712ea5b6370dc0e2021-12-21 11:24:39.148root 11241100x8000000000000000526287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4bbd2102d2c68e2021-12-21 11:24:39.148root 11241100x8000000000000000526288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c752690c2abb502021-12-21 11:24:39.149root 11241100x8000000000000000526289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8460fd06603c792021-12-21 11:24:39.149root 11241100x8000000000000000526290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db4a4a8ca195e532021-12-21 11:24:39.149root 11241100x8000000000000000526291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f79122445363c72021-12-21 11:24:39.149root 11241100x8000000000000000526292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b67c28bff769cc12021-12-21 11:24:39.149root 11241100x8000000000000000526293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04c47f8d07638f02021-12-21 11:24:39.149root 11241100x8000000000000000526294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ee1367ddbb736d2021-12-21 11:24:39.149root 11241100x8000000000000000526295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb37f3bd0a51e22021-12-21 11:24:39.149root 11241100x8000000000000000526296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6d2145a747fe6f2021-12-21 11:24:39.149root 11241100x8000000000000000526297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b2c7fec38f480f2021-12-21 11:24:39.149root 11241100x8000000000000000526298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2568b73c17751d0e2021-12-21 11:24:39.150root 11241100x8000000000000000526299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352ff84823d7531a2021-12-21 11:24:39.150root 11241100x8000000000000000526300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201590751455eae12021-12-21 11:24:39.150root 11241100x8000000000000000526301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c524cb7788702f42021-12-21 11:24:39.150root 11241100x8000000000000000526302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473acf24e9b9c6212021-12-21 11:24:39.150root 23542300x8000000000000000526303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.331{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000526304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053544f6cb5e63432021-12-21 11:24:39.443root 11241100x8000000000000000526305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b45a5498797994c2021-12-21 11:24:39.443root 11241100x8000000000000000526306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981d2e5136fb107f2021-12-21 11:24:39.443root 11241100x8000000000000000526307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eee66f0d5fe449a2021-12-21 11:24:39.443root 11241100x8000000000000000526308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9282af4caee32b2021-12-21 11:24:39.443root 11241100x8000000000000000526309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4829a238862d23792021-12-21 11:24:39.444root 11241100x8000000000000000526310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c49e396918d2e92021-12-21 11:24:39.444root 11241100x8000000000000000526311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39e3b37a08e4de52021-12-21 11:24:39.444root 11241100x8000000000000000526312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d7f77c1f214d792021-12-21 11:24:39.444root 11241100x8000000000000000526313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd896610c7d39b82021-12-21 11:24:39.444root 11241100x8000000000000000526314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b13b95bf7c7ae6c2021-12-21 11:24:39.444root 11241100x8000000000000000526315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b647f5f023461f692021-12-21 11:24:39.444root 11241100x8000000000000000526316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2065d964501db742021-12-21 11:24:39.444root 11241100x8000000000000000526317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f3df3e743006862021-12-21 11:24:39.444root 11241100x8000000000000000526318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e31279ecab5c362021-12-21 11:24:39.444root 11241100x8000000000000000526319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e06bf4fe67ab2842021-12-21 11:24:39.444root 11241100x8000000000000000526320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4695a2c29e968ac2021-12-21 11:24:39.444root 11241100x8000000000000000526321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982b61774d725f262021-12-21 11:24:39.943root 11241100x8000000000000000526322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7779c9f1e98d09352021-12-21 11:24:39.943root 11241100x8000000000000000526323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f62facd08a4292021-12-21 11:24:39.943root 11241100x8000000000000000526324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7e1ad1fc3f7be82021-12-21 11:24:39.944root 11241100x8000000000000000526325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12edbdec3af22502021-12-21 11:24:39.944root 11241100x8000000000000000526326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83e000cab5d99ac2021-12-21 11:24:39.944root 11241100x8000000000000000526327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d544bab7c285a62021-12-21 11:24:39.944root 11241100x8000000000000000526328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb10ee5d00064852021-12-21 11:24:39.944root 11241100x8000000000000000526329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826bb005ac942b8c2021-12-21 11:24:39.944root 11241100x8000000000000000526330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d036405490bb3ba2021-12-21 11:24:39.944root 11241100x8000000000000000526331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fcd81d4e60a3422021-12-21 11:24:39.944root 11241100x8000000000000000526332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3ba93fc9e4f6942021-12-21 11:24:39.944root 11241100x8000000000000000526333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5b8e5a34d3bdd12021-12-21 11:24:39.944root 11241100x8000000000000000526334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b524fbd42f5e492021-12-21 11:24:39.944root 11241100x8000000000000000526335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bc5b9573b84f972021-12-21 11:24:39.944root 11241100x8000000000000000526336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9235e8f8252f37fb2021-12-21 11:24:39.944root 11241100x8000000000000000526337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c2b0e351889e42021-12-21 11:24:39.944root 11241100x8000000000000000526338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9e8e3b4cf7a6382021-12-21 11:24:40.443root 11241100x8000000000000000526339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42e2b2890abca32021-12-21 11:24:40.443root 11241100x8000000000000000526340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ff200dc5f4f4112021-12-21 11:24:40.443root 11241100x8000000000000000526341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635c7882d65de9d62021-12-21 11:24:40.443root 11241100x8000000000000000526342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e10631472e915302021-12-21 11:24:40.443root 11241100x8000000000000000526343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb5acc8522215a22021-12-21 11:24:40.444root 11241100x8000000000000000526344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf4d7ba981720842021-12-21 11:24:40.444root 11241100x8000000000000000526345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e818e789b0eba2e2021-12-21 11:24:40.444root 11241100x8000000000000000526346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2a0299880dc8cd2021-12-21 11:24:40.444root 11241100x8000000000000000526347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeb9a45c561f50b2021-12-21 11:24:40.444root 11241100x8000000000000000526348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2e3f558fbe1e712021-12-21 11:24:40.444root 11241100x8000000000000000526349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c822111175e06982021-12-21 11:24:40.444root 11241100x8000000000000000526350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d948bdcb652c7f752021-12-21 11:24:40.444root 11241100x8000000000000000526351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aa4d9dfdfc55702021-12-21 11:24:40.444root 11241100x8000000000000000526352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5c7603d109610a2021-12-21 11:24:40.444root 11241100x8000000000000000526353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2449f6a9c03c00122021-12-21 11:24:40.444root 11241100x8000000000000000526354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57652981d5ff87952021-12-21 11:24:40.444root 11241100x8000000000000000526355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9f68e0132da3002021-12-21 11:24:40.943root 11241100x8000000000000000526356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b2485499af25ad2021-12-21 11:24:40.943root 11241100x8000000000000000526357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7522fcf4e3ae5b7c2021-12-21 11:24:40.943root 11241100x8000000000000000526358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0835f78b0ffaba8b2021-12-21 11:24:40.943root 11241100x8000000000000000526359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb757b338e9705502021-12-21 11:24:40.943root 11241100x8000000000000000526360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4103d855d37ba932021-12-21 11:24:40.943root 11241100x8000000000000000526361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2121c37ccda0a3d42021-12-21 11:24:40.944root 11241100x8000000000000000526362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca60ffa4b0d166472021-12-21 11:24:40.944root 11241100x8000000000000000526363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a9b8fed929e87a2021-12-21 11:24:40.944root 11241100x8000000000000000526364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0662eb956a6a71322021-12-21 11:24:40.944root 11241100x8000000000000000526365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202f022098208672021-12-21 11:24:40.944root 11241100x8000000000000000526366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d6e491877c7a62021-12-21 11:24:40.944root 11241100x8000000000000000526367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc03febb9e7fbfb12021-12-21 11:24:40.944root 11241100x8000000000000000526368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4c250b9e5a54dc2021-12-21 11:24:40.944root 11241100x8000000000000000526369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f4ea7d842a5d4d2021-12-21 11:24:40.944root 11241100x8000000000000000526370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f8c2382faf303d2021-12-21 11:24:40.944root 11241100x8000000000000000526371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f03e86b97c48e32021-12-21 11:24:40.944root 11241100x8000000000000000526372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c734726e9a8057832021-12-21 11:24:41.443root 11241100x8000000000000000526373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3501420070c45e9b2021-12-21 11:24:41.443root 11241100x8000000000000000526374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4fe0aa336c6ee52021-12-21 11:24:41.443root 11241100x8000000000000000526375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4deb74ddc5149a02021-12-21 11:24:41.444root 11241100x8000000000000000526376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceba0d4732e140822021-12-21 11:24:41.444root 11241100x8000000000000000526377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9e018a0772e2e22021-12-21 11:24:41.444root 11241100x8000000000000000526378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fd8727ec68e5492021-12-21 11:24:41.444root 11241100x8000000000000000526379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a33ab337a9dda42021-12-21 11:24:41.444root 11241100x8000000000000000526380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7986f13dbce8d8a02021-12-21 11:24:41.444root 11241100x8000000000000000526381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7df6395e5b34842021-12-21 11:24:41.444root 11241100x8000000000000000526382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57e4d9813d7a06f2021-12-21 11:24:41.444root 11241100x8000000000000000526383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613ddf93200f948d2021-12-21 11:24:41.444root 11241100x8000000000000000526384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff599fa24e6e80972021-12-21 11:24:41.444root 11241100x8000000000000000526385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f4ff5d68d5b542021-12-21 11:24:41.444root 11241100x8000000000000000526386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddf1b4373e162ef2021-12-21 11:24:41.444root 11241100x8000000000000000526387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00c8c24abcb1aa82021-12-21 11:24:41.444root 11241100x8000000000000000526388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6817951a6de82d2021-12-21 11:24:41.444root 11241100x8000000000000000526389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b842fb1821eb95c62021-12-21 11:24:41.943root 11241100x8000000000000000526390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b343e76c71a53e2021-12-21 11:24:41.943root 11241100x8000000000000000526391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23032632d997b1172021-12-21 11:24:41.943root 11241100x8000000000000000526392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b22eb2db61357ff2021-12-21 11:24:41.943root 11241100x8000000000000000526393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86024bbc6603d6db2021-12-21 11:24:41.943root 11241100x8000000000000000526394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc54722226ccef22021-12-21 11:24:41.943root 11241100x8000000000000000526395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990a5977f2253d662021-12-21 11:24:41.944root 11241100x8000000000000000526396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b87c6cdb23aeb92021-12-21 11:24:41.944root 11241100x8000000000000000526397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc3acf8266970d42021-12-21 11:24:41.944root 11241100x8000000000000000526398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593bb981618115232021-12-21 11:24:41.944root 11241100x8000000000000000526399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4c3ece28e76c962021-12-21 11:24:41.944root 11241100x8000000000000000526400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b0c2b90ddb51272021-12-21 11:24:41.944root 11241100x8000000000000000526401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b07fff996ec89aa2021-12-21 11:24:41.944root 11241100x8000000000000000526402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbaf2168c3ab8b82021-12-21 11:24:41.944root 11241100x8000000000000000526403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54d3754e377e9432021-12-21 11:24:41.944root 11241100x8000000000000000526404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61ce4c568c10d5a2021-12-21 11:24:41.944root 11241100x8000000000000000526405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33df0501a5fb1de62021-12-21 11:24:41.944root 11241100x8000000000000000526406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d3f3d91bd041792021-12-21 11:24:42.443root 11241100x8000000000000000526407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812bd9e276f558542021-12-21 11:24:42.443root 11241100x8000000000000000526408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6029315d072e35442021-12-21 11:24:42.443root 11241100x8000000000000000526409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e105a4bb24b6d022021-12-21 11:24:42.443root 11241100x8000000000000000526410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9609e1855a5ee39f2021-12-21 11:24:42.443root 11241100x8000000000000000526411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80506eaed5956b1e2021-12-21 11:24:42.443root 11241100x8000000000000000526412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b80ae3221e5ef862021-12-21 11:24:42.444root 11241100x8000000000000000526413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b6b94badff6e882021-12-21 11:24:42.444root 11241100x8000000000000000526414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd0f82d46b7bc592021-12-21 11:24:42.444root 11241100x8000000000000000526415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cb3e148be95cff2021-12-21 11:24:42.444root 11241100x8000000000000000526416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f31fcf119aa59f92021-12-21 11:24:42.444root 11241100x8000000000000000526417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730b0e5a687242b12021-12-21 11:24:42.444root 11241100x8000000000000000526418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c8d2e8de1580e92021-12-21 11:24:42.444root 11241100x8000000000000000526419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24017bdb5342cf292021-12-21 11:24:42.444root 11241100x8000000000000000526420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa33812ff418e7042021-12-21 11:24:42.444root 11241100x8000000000000000526421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6200c803927c79d12021-12-21 11:24:42.444root 11241100x8000000000000000526422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ae5217b0a8ba602021-12-21 11:24:42.444root 11241100x8000000000000000526423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106929cdcaeed4bd2021-12-21 11:24:42.943root 11241100x8000000000000000526424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f5565334da4a42021-12-21 11:24:42.943root 11241100x8000000000000000526425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aff5a16a15e78832021-12-21 11:24:42.943root 11241100x8000000000000000526426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc784460d943212021-12-21 11:24:42.943root 11241100x8000000000000000526427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52b09112daaac4e2021-12-21 11:24:42.943root 11241100x8000000000000000526428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd0e59d63487ff72021-12-21 11:24:42.943root 11241100x8000000000000000526429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee902b299dd505632021-12-21 11:24:42.944root 11241100x8000000000000000526430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403b599e848a40bd2021-12-21 11:24:42.944root 11241100x8000000000000000526431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52e3a47e4e7e4a72021-12-21 11:24:42.944root 11241100x8000000000000000526432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02af6100bc10fbf32021-12-21 11:24:42.944root 11241100x8000000000000000526433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06f0657f8dc4cf02021-12-21 11:24:42.944root 11241100x8000000000000000526434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb830cc3a4439a52021-12-21 11:24:42.944root 11241100x8000000000000000526435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0b856e7c73e8852021-12-21 11:24:42.944root 11241100x8000000000000000526436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c429f2f0d2ceab2021-12-21 11:24:42.944root 11241100x8000000000000000526437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30010b9716ec8da52021-12-21 11:24:42.944root 11241100x8000000000000000526438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cac98240ba578002021-12-21 11:24:42.944root 11241100x8000000000000000526439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e9edf429b5e2ad2021-12-21 11:24:42.944root 11241100x8000000000000000526440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b2abe8c8d584092021-12-21 11:24:43.443root 11241100x8000000000000000526441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a737e9784f484c92021-12-21 11:24:43.443root 11241100x8000000000000000526442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d252c1688a71f0462021-12-21 11:24:43.443root 11241100x8000000000000000526443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702fd1e75128fbee2021-12-21 11:24:43.443root 11241100x8000000000000000526444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d2cf655e85d1792021-12-21 11:24:43.444root 11241100x8000000000000000526445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220d6ef440754742021-12-21 11:24:43.444root 11241100x8000000000000000526446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdec04427217b70b2021-12-21 11:24:43.444root 11241100x8000000000000000526447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe29b4b554b1c30c2021-12-21 11:24:43.444root 11241100x8000000000000000526448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505122adaeaed0822021-12-21 11:24:43.444root 11241100x8000000000000000526449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe937c3392e30a52021-12-21 11:24:43.444root 11241100x8000000000000000526450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb568f20843bc992021-12-21 11:24:43.444root 11241100x8000000000000000526451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e90320e1b48ca882021-12-21 11:24:43.444root 11241100x8000000000000000526452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2a719d1d2ff42c2021-12-21 11:24:43.444root 11241100x8000000000000000526453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb78d97d0b9bc682021-12-21 11:24:43.444root 11241100x8000000000000000526454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e63b9a2c081b832021-12-21 11:24:43.444root 11241100x8000000000000000526455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c013c5576f2f502021-12-21 11:24:43.444root 11241100x8000000000000000526456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd360ebc582690f62021-12-21 11:24:43.444root 11241100x8000000000000000526457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7f013a5ceff4d22021-12-21 11:24:43.943root 11241100x8000000000000000526458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d0f45027be7f4e2021-12-21 11:24:43.943root 11241100x8000000000000000526459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f484b2064961af62021-12-21 11:24:43.943root 11241100x8000000000000000526460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba493293dd9a2ff2021-12-21 11:24:43.943root 11241100x8000000000000000526461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c14edc9717971072021-12-21 11:24:43.944root 11241100x8000000000000000526462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1426a9ea3bfa42021-12-21 11:24:43.944root 11241100x8000000000000000526463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1125c49d3fdb846d2021-12-21 11:24:43.944root 11241100x8000000000000000526464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff34b2b6805945e2021-12-21 11:24:43.944root 11241100x8000000000000000526465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130058286c5340c92021-12-21 11:24:43.944root 11241100x8000000000000000526466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c25f7f67f57d662021-12-21 11:24:43.944root 11241100x8000000000000000526467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3ff536a24ada502021-12-21 11:24:43.944root 11241100x8000000000000000526468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4991ad7b4f34202021-12-21 11:24:43.944root 11241100x8000000000000000526469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2e4a69d28fbfea2021-12-21 11:24:43.944root 11241100x8000000000000000526470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097076d01253952d2021-12-21 11:24:43.944root 11241100x8000000000000000526471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfd23291ff190ff2021-12-21 11:24:43.944root 11241100x8000000000000000526472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6042d8ac5318412c2021-12-21 11:24:43.944root 11241100x8000000000000000526473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0537ecf936f946c2021-12-21 11:24:43.944root 354300x8000000000000000526474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.234{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48500-false10.0.1.12-8000- 11241100x8000000000000000526475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e2c2df9a5d35a62021-12-21 11:24:44.235root 11241100x8000000000000000526476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c8469e34eaae332021-12-21 11:24:44.235root 11241100x8000000000000000526477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4170fe13f7efcb802021-12-21 11:24:44.235root 11241100x8000000000000000526478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0584022f6603cd2021-12-21 11:24:44.235root 11241100x8000000000000000526479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2bcebd58bb7f6c2021-12-21 11:24:44.235root 11241100x8000000000000000526480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481bfd89c05fb2832021-12-21 11:24:44.235root 11241100x8000000000000000526481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74542fcb7089a5682021-12-21 11:24:44.235root 11241100x8000000000000000526482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931996a50ffac1d12021-12-21 11:24:44.235root 11241100x8000000000000000526483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead4174c457cde2a2021-12-21 11:24:44.235root 11241100x8000000000000000526484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b4d667595d72cf2021-12-21 11:24:44.235root 11241100x8000000000000000526485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1292b3a2b5f09052021-12-21 11:24:44.235root 11241100x8000000000000000526486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479ca23b594be1bb2021-12-21 11:24:44.236root 11241100x8000000000000000526487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a240f2fcc2314b2021-12-21 11:24:44.236root 11241100x8000000000000000526488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1b045e4dfa525e2021-12-21 11:24:44.236root 11241100x8000000000000000526489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806394a2f95d1b542021-12-21 11:24:44.236root 11241100x8000000000000000526490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3e7a3d3304e0ec2021-12-21 11:24:44.236root 11241100x8000000000000000526491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1bec33a1a0e7902021-12-21 11:24:44.236root 11241100x8000000000000000526492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb642d5997a4dc22021-12-21 11:24:44.236root 11241100x8000000000000000526493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6601f197c1d55bb32021-12-21 11:24:44.237root 11241100x8000000000000000526494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a215011f4c6fa7332021-12-21 11:24:44.237root 11241100x8000000000000000526495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f1b7787789375a2021-12-21 11:24:44.237root 11241100x8000000000000000526496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fc84fd5792689e2021-12-21 11:24:44.237root 11241100x8000000000000000526497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cba35e9a9c94ba2021-12-21 11:24:44.237root 11241100x8000000000000000526498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a72285c34a546792021-12-21 11:24:44.237root 11241100x8000000000000000526499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623d6989246552442021-12-21 11:24:44.237root 11241100x8000000000000000526500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459ad9c8e00ded8d2021-12-21 11:24:44.238root 11241100x8000000000000000526501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0ecaecfd8c4c5a2021-12-21 11:24:44.238root 11241100x8000000000000000526502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924fd8e0a3e6b11d2021-12-21 11:24:44.238root 11241100x8000000000000000526503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48afb38929d80b9d2021-12-21 11:24:44.238root 11241100x8000000000000000526504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81672b38c7a8a6d32021-12-21 11:24:44.239root 11241100x8000000000000000526505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae73f3a50d5c9c42021-12-21 11:24:44.239root 11241100x8000000000000000526506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71060e18a998def42021-12-21 11:24:44.239root 11241100x8000000000000000526507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab72e5c6be95b472021-12-21 11:24:44.239root 11241100x8000000000000000526508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00085e26d4e077bc2021-12-21 11:24:44.240root 11241100x8000000000000000526509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270f4d12a997a7ed2021-12-21 11:24:44.693root 11241100x8000000000000000526510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bac4e98eeec470b2021-12-21 11:24:44.693root 11241100x8000000000000000526511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da4539e273e93a2021-12-21 11:24:44.693root 11241100x8000000000000000526512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e6eec86fe360da2021-12-21 11:24:44.693root 11241100x8000000000000000526513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a0f4c94ddefe8e2021-12-21 11:24:44.693root 11241100x8000000000000000526514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e02c1ee95cbad322021-12-21 11:24:44.693root 11241100x8000000000000000526515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233163a5150001762021-12-21 11:24:44.694root 11241100x8000000000000000526516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcad638084975172021-12-21 11:24:44.694root 11241100x8000000000000000526517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7efa11b6591a37c2021-12-21 11:24:44.694root 11241100x8000000000000000526518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592b65e60c9bf5842021-12-21 11:24:44.694root 11241100x8000000000000000526519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e5d2181a3c122f2021-12-21 11:24:44.694root 11241100x8000000000000000526520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1635737c7a5f50fd2021-12-21 11:24:44.694root 11241100x8000000000000000526521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d54517ace62647f2021-12-21 11:24:44.694root 11241100x8000000000000000526522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af731a0abf3c176a2021-12-21 11:24:44.694root 11241100x8000000000000000526523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e637401e2a40793d2021-12-21 11:24:44.694root 11241100x8000000000000000526524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7504dc1383fde08c2021-12-21 11:24:44.694root 11241100x8000000000000000526525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac2f6a99ef18dd2021-12-21 11:24:44.694root 11241100x8000000000000000526526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f70ca1ed8e308022021-12-21 11:24:44.694root 11241100x8000000000000000526527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a8daecaa67f0d2021-12-21 11:24:45.193root 11241100x8000000000000000526528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde13cecc09507b72021-12-21 11:24:45.193root 11241100x8000000000000000526529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d14068bf27c8c332021-12-21 11:24:45.193root 11241100x8000000000000000526530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb7b52e9a19c812021-12-21 11:24:45.193root 11241100x8000000000000000526531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf480804bb97812021-12-21 11:24:45.193root 11241100x8000000000000000526532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c27460b91fc66f2021-12-21 11:24:45.193root 11241100x8000000000000000526533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff32c8206afc5c82021-12-21 11:24:45.194root 11241100x8000000000000000526534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92388c9a2d034afd2021-12-21 11:24:45.194root 11241100x8000000000000000526535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e63111909cf992021-12-21 11:24:45.194root 11241100x8000000000000000526536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2e9fe95733b8df2021-12-21 11:24:45.194root 11241100x8000000000000000526537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27201b20fdc746d2021-12-21 11:24:45.194root 11241100x8000000000000000526538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9604009009fabf2021-12-21 11:24:45.194root 11241100x8000000000000000526539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb40f3d61b4b2932021-12-21 11:24:45.194root 11241100x8000000000000000526540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be0669938e917102021-12-21 11:24:45.194root 11241100x8000000000000000526541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721ccefe13f067fa2021-12-21 11:24:45.194root 11241100x8000000000000000526542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7c4e531d0b7b252021-12-21 11:24:45.194root 11241100x8000000000000000526543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dae525a76665342021-12-21 11:24:45.194root 11241100x8000000000000000526544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d93e00a234176d2021-12-21 11:24:45.194root 11241100x8000000000000000526545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec05a9cae93420c2021-12-21 11:24:45.693root 11241100x8000000000000000526546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05898772199cf87f2021-12-21 11:24:45.693root 11241100x8000000000000000526547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa01796e05f119f2021-12-21 11:24:45.693root 11241100x8000000000000000526548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c608ab8c2a3e3b72021-12-21 11:24:45.693root 11241100x8000000000000000526549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b9b6729c3f6ba52021-12-21 11:24:45.693root 11241100x8000000000000000526550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c9463d72d683222021-12-21 11:24:45.694root 11241100x8000000000000000526551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae492ee0f8bf142021-12-21 11:24:45.694root 11241100x8000000000000000526552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35160698c29e3e182021-12-21 11:24:45.694root 11241100x8000000000000000526553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e6f734da271022021-12-21 11:24:45.694root 11241100x8000000000000000526554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfa5d507d2c77292021-12-21 11:24:45.694root 11241100x8000000000000000526555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7fe3b175c6b3ca2021-12-21 11:24:45.694root 11241100x8000000000000000526556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cea9ec72a43dc7b2021-12-21 11:24:45.694root 11241100x8000000000000000526557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adf16fa6b8cc4072021-12-21 11:24:45.694root 11241100x8000000000000000526558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97631065eabb76952021-12-21 11:24:45.694root 11241100x8000000000000000526559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6f1ec90d6250f62021-12-21 11:24:45.694root 11241100x8000000000000000526560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65afbf33d931cc752021-12-21 11:24:45.694root 11241100x8000000000000000526561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1050efba86e5b5412021-12-21 11:24:45.694root 11241100x8000000000000000526562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1876bdd908abc612021-12-21 11:24:45.695root 11241100x8000000000000000526563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324973f32a34a74c2021-12-21 11:24:46.193root 11241100x8000000000000000526564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2d4ec4bc3763052021-12-21 11:24:46.193root 11241100x8000000000000000526565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d9d562365709702021-12-21 11:24:46.193root 11241100x8000000000000000526566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500d803d0eb98d272021-12-21 11:24:46.193root 11241100x8000000000000000526567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69927f524a0e751d2021-12-21 11:24:46.194root 11241100x8000000000000000526568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e925d3aa7da3ac2021-12-21 11:24:46.194root 11241100x8000000000000000526569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22538fc212e64af42021-12-21 11:24:46.194root 11241100x8000000000000000526570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ec4d5d52180e392021-12-21 11:24:46.194root 11241100x8000000000000000526571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70293a61bb2db882021-12-21 11:24:46.194root 11241100x8000000000000000526572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f650bf6e85b9ec2021-12-21 11:24:46.194root 11241100x8000000000000000526573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dead3d755dc8b4d52021-12-21 11:24:46.194root 11241100x8000000000000000526574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7c6875b95dc2882021-12-21 11:24:46.194root 11241100x8000000000000000526575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ebf2c94f15720e2021-12-21 11:24:46.194root 11241100x8000000000000000526576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7335c5b4307a239d2021-12-21 11:24:46.194root 11241100x8000000000000000526577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35541c87c2cd12dc2021-12-21 11:24:46.194root 11241100x8000000000000000526578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9999e4598f76f242021-12-21 11:24:46.194root 11241100x8000000000000000526579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd460ae1ff62d4b2021-12-21 11:24:46.194root 11241100x8000000000000000526580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2745640cd10de25a2021-12-21 11:24:46.194root 11241100x8000000000000000526581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51952d5d1e21af62021-12-21 11:24:46.693root 11241100x8000000000000000526582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa60235a07eeecf32021-12-21 11:24:46.693root 11241100x8000000000000000526583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f06cfffb21a9ee2021-12-21 11:24:46.693root 11241100x8000000000000000526584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512f2bfab15ade462021-12-21 11:24:46.693root 11241100x8000000000000000526585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759ec94842b30a162021-12-21 11:24:46.693root 11241100x8000000000000000526586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba5bf6bc53a83952021-12-21 11:24:46.694root 11241100x8000000000000000526587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5eb7feb5f09d4f2021-12-21 11:24:46.694root 11241100x8000000000000000526588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b9cd51f45c986f2021-12-21 11:24:46.694root 11241100x8000000000000000526589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b37bbb0fb37b9ee2021-12-21 11:24:46.694root 11241100x8000000000000000526590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb6e31a628e6c52021-12-21 11:24:46.694root 11241100x8000000000000000526591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfb39f87ae55a3b2021-12-21 11:24:46.694root 11241100x8000000000000000526592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed181e1af74205ca2021-12-21 11:24:46.694root 11241100x8000000000000000526593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b911dfec53892f02021-12-21 11:24:46.694root 11241100x8000000000000000526594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2026395a54f3e1132021-12-21 11:24:46.694root 11241100x8000000000000000526595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4180800c2f76beef2021-12-21 11:24:46.694root 11241100x8000000000000000526596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f11bb2a532a77b2021-12-21 11:24:46.694root 11241100x8000000000000000526597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e6f3d1a35aea8b2021-12-21 11:24:46.694root 11241100x8000000000000000526598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee47e2838b96d43e2021-12-21 11:24:46.694root 11241100x8000000000000000526599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f32182fe75763e2021-12-21 11:24:47.193root 11241100x8000000000000000526600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.face4a41b5aa89dc2021-12-21 11:24:47.193root 11241100x8000000000000000526601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a3f0609ccdd28c2021-12-21 11:24:47.193root 11241100x8000000000000000526602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24dd5ca89cb90c02021-12-21 11:24:47.193root 11241100x8000000000000000526603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5727ccf61ef371472021-12-21 11:24:47.193root 11241100x8000000000000000526604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363ff5eafcb07ad2021-12-21 11:24:47.194root 11241100x8000000000000000526605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc723afc2a82ca32021-12-21 11:24:47.194root 11241100x8000000000000000526606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62761283c953c9072021-12-21 11:24:47.194root 11241100x8000000000000000526607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394db3aa9336a7982021-12-21 11:24:47.194root 11241100x8000000000000000526608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136d34221b62ae902021-12-21 11:24:47.194root 11241100x8000000000000000526609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63291d48771eb7022021-12-21 11:24:47.194root 11241100x8000000000000000526610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cab2eaf573fdba2021-12-21 11:24:47.194root 11241100x8000000000000000526611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46daf2d84a55b93d2021-12-21 11:24:47.194root 11241100x8000000000000000526612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed438054c48ac142021-12-21 11:24:47.194root 11241100x8000000000000000526613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b9f09bcfe4adaf2021-12-21 11:24:47.194root 11241100x8000000000000000526614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018f053426997ea72021-12-21 11:24:47.195root 11241100x8000000000000000526615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db739703528cecd2021-12-21 11:24:47.195root 11241100x8000000000000000526616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b006bb5f999102021-12-21 11:24:47.195root 11241100x8000000000000000526617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f744b42a49db10c62021-12-21 11:24:47.693root 11241100x8000000000000000526618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8e6c8691621852021-12-21 11:24:47.693root 11241100x8000000000000000526619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa1c68cfefd8dfb2021-12-21 11:24:47.694root 11241100x8000000000000000526620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0c38662b29a1952021-12-21 11:24:47.694root 11241100x8000000000000000526621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8e0d2cd3b24e122021-12-21 11:24:47.694root 11241100x8000000000000000526622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353f8dd4cb4177762021-12-21 11:24:47.694root 11241100x8000000000000000526623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e28bcf57850ac22021-12-21 11:24:47.694root 11241100x8000000000000000526624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4014f9bde4952e62021-12-21 11:24:47.694root 11241100x8000000000000000526625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913f84cc0c0e49572021-12-21 11:24:47.694root 11241100x8000000000000000526626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ba0006153cfc4d2021-12-21 11:24:47.694root 11241100x8000000000000000526627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb7f4eff50d71fb2021-12-21 11:24:47.694root 11241100x8000000000000000526628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10af38c2a238eef22021-12-21 11:24:47.694root 11241100x8000000000000000526629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3777a5526ed9872021-12-21 11:24:47.695root 11241100x8000000000000000526630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b951a6a3b653bed2021-12-21 11:24:47.695root 11241100x8000000000000000526631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533c9c6c7b47e62c2021-12-21 11:24:47.695root 11241100x8000000000000000526632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a2285123b3195e2021-12-21 11:24:47.695root 11241100x8000000000000000526633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bcca3df396a9622021-12-21 11:24:47.695root 11241100x8000000000000000526634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4fed9a74256b8b2021-12-21 11:24:47.695root 11241100x8000000000000000526635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9d7eae73dfa3822021-12-21 11:24:48.193root 11241100x8000000000000000526636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ce013a06aec5d52021-12-21 11:24:48.193root 11241100x8000000000000000526637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050cac8a55ce44882021-12-21 11:24:48.193root 11241100x8000000000000000526638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7b7b8638a894ee2021-12-21 11:24:48.193root 11241100x8000000000000000526639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df1e024477195282021-12-21 11:24:48.193root 11241100x8000000000000000526640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f5a59ce0288892021-12-21 11:24:48.194root 11241100x8000000000000000526641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02324323d5e4f08c2021-12-21 11:24:48.194root 11241100x8000000000000000526642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8e844875d5aa552021-12-21 11:24:48.194root 11241100x8000000000000000526643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9a6f432aa68e382021-12-21 11:24:48.194root 11241100x8000000000000000526644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e572bca35e7b0e732021-12-21 11:24:48.194root 11241100x8000000000000000526645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ce16272691bf5a2021-12-21 11:24:48.194root 11241100x8000000000000000526646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3d34eeb5db3d72021-12-21 11:24:48.194root 11241100x8000000000000000526647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25c31836a52aa192021-12-21 11:24:48.194root 11241100x8000000000000000526648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7939ddc449660a82021-12-21 11:24:48.194root 11241100x8000000000000000526649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b05c60b355d320e2021-12-21 11:24:48.194root 11241100x8000000000000000526650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1b3a12b4a85042021-12-21 11:24:48.194root 11241100x8000000000000000526651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c198015998200a2021-12-21 11:24:48.194root 11241100x8000000000000000526652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5145847fe22d292021-12-21 11:24:48.194root 11241100x8000000000000000526653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540a26fde0eeedb82021-12-21 11:24:48.693root 11241100x8000000000000000526654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dfc334bc2940932021-12-21 11:24:48.693root 11241100x8000000000000000526655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c02c3dc76d070242021-12-21 11:24:48.693root 11241100x8000000000000000526656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f87b525ec161392021-12-21 11:24:48.694root 11241100x8000000000000000526657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6741fe8c36391c82021-12-21 11:24:48.694root 11241100x8000000000000000526658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3461a7bf8ebdad2021-12-21 11:24:48.694root 11241100x8000000000000000526659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612ee2d9b094c7582021-12-21 11:24:48.694root 11241100x8000000000000000526660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8977b6b3b84238d22021-12-21 11:24:48.694root 11241100x8000000000000000526661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb63fe86fde3fe2021-12-21 11:24:48.694root 11241100x8000000000000000526662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7343df6c756951d2021-12-21 11:24:48.694root 11241100x8000000000000000526663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a00f3b8b5f236b42021-12-21 11:24:48.694root 11241100x8000000000000000526664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1cd08db5010a5b2021-12-21 11:24:48.694root 11241100x8000000000000000526665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2a383cd71e12fd2021-12-21 11:24:48.694root 11241100x8000000000000000526666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1cca5d575b294b2021-12-21 11:24:48.694root 11241100x8000000000000000526667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607d5e693ea3a88c2021-12-21 11:24:48.694root 11241100x8000000000000000526668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3321ae6f563aa9c22021-12-21 11:24:48.694root 11241100x8000000000000000526669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a9bdd0d5a7aef92021-12-21 11:24:48.694root 11241100x8000000000000000526670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7155b7965fc698a2021-12-21 11:24:48.694root 11241100x8000000000000000526671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91ae54dd56642212021-12-21 11:24:49.193root 11241100x8000000000000000526672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2538096d98a9f6c52021-12-21 11:24:49.193root 11241100x8000000000000000526673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946566b736a74f392021-12-21 11:24:49.193root 11241100x8000000000000000526674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47820b01cb2e9ea32021-12-21 11:24:49.193root 11241100x8000000000000000526675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a9390ae901a08a2021-12-21 11:24:49.194root 11241100x8000000000000000526676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caead77db7593592021-12-21 11:24:49.194root 11241100x8000000000000000526677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116f36295ab28dac2021-12-21 11:24:49.194root 11241100x8000000000000000526678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336c803d4a4cfa882021-12-21 11:24:49.194root 11241100x8000000000000000526679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9708ff4c6a59202021-12-21 11:24:49.194root 11241100x8000000000000000526680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c92639621960ee2021-12-21 11:24:49.194root 11241100x8000000000000000526681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b46d591fc6830fe2021-12-21 11:24:49.194root 11241100x8000000000000000526682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462b5c680bbb55662021-12-21 11:24:49.194root 11241100x8000000000000000526683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfc8d931adb0cf52021-12-21 11:24:49.194root 11241100x8000000000000000526684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766bd3286d2894132021-12-21 11:24:49.194root 11241100x8000000000000000526685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446df6afc85185282021-12-21 11:24:49.194root 11241100x8000000000000000526686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e408f79c72ba612021-12-21 11:24:49.194root 11241100x8000000000000000526687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878aba7240eb56502021-12-21 11:24:49.194root 11241100x8000000000000000526688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e08c5c76945b382021-12-21 11:24:49.194root 11241100x8000000000000000526689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6331bf096eff0182021-12-21 11:24:49.692root 11241100x8000000000000000526690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea8c1c68294aa82021-12-21 11:24:49.693root 11241100x8000000000000000526691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449886c91daf43682021-12-21 11:24:49.693root 11241100x8000000000000000526692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24efd296e290111a2021-12-21 11:24:49.693root 11241100x8000000000000000526693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c3c5d72278e882021-12-21 11:24:49.693root 11241100x8000000000000000526694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb15e7cfdeb50e82021-12-21 11:24:49.694root 11241100x8000000000000000526695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5592df7265e0942021-12-21 11:24:49.694root 11241100x8000000000000000526696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf24daaa308f17e2021-12-21 11:24:49.694root 11241100x8000000000000000526697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef643a719aabf0f72021-12-21 11:24:49.694root 11241100x8000000000000000526698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32faba7f13fcd7672021-12-21 11:24:49.694root 11241100x8000000000000000526699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ae2ac62644a4162021-12-21 11:24:49.695root 11241100x8000000000000000526700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b00e088635fa5132021-12-21 11:24:49.695root 11241100x8000000000000000526701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abbf61996190d2b2021-12-21 11:24:49.695root 11241100x8000000000000000526702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a3ba52f010c8e02021-12-21 11:24:49.695root 11241100x8000000000000000526703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe919713a8644732021-12-21 11:24:49.695root 11241100x8000000000000000526704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2122ac3f972feb7e2021-12-21 11:24:49.696root 11241100x8000000000000000526705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447d8ba8f60868582021-12-21 11:24:49.697root 11241100x8000000000000000526706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb51323e5ac11472021-12-21 11:24:49.697root 11241100x8000000000000000526707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe7aa5d80ecc8de2021-12-21 11:24:49.698root 11241100x8000000000000000526708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f835f53e3b08c2021-12-21 11:24:49.699root 11241100x8000000000000000526709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020bdb4d23f943742021-12-21 11:24:49.699root 11241100x8000000000000000526710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ccac117a898ce32021-12-21 11:24:49.699root 354300x8000000000000000526711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.174{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48502-false10.0.1.12-8000- 11241100x8000000000000000526712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad0f1bfaad436452021-12-21 11:24:50.175root 11241100x8000000000000000526713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f90c8331a0f82a72021-12-21 11:24:50.175root 11241100x8000000000000000526714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c9be7fde4109862021-12-21 11:24:50.175root 11241100x8000000000000000526715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e9386812893ef22021-12-21 11:24:50.175root 11241100x8000000000000000526716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473c30f495a16fa92021-12-21 11:24:50.175root 11241100x8000000000000000526717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e79c4dc8e4fa842021-12-21 11:24:50.175root 11241100x8000000000000000526718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a55626e6c3fd322021-12-21 11:24:50.176root 11241100x8000000000000000526719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929e2538b36de8322021-12-21 11:24:50.176root 11241100x8000000000000000526720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3a33e56dc883a92021-12-21 11:24:50.176root 11241100x8000000000000000526721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2817e1812a2e58c2021-12-21 11:24:50.176root 11241100x8000000000000000526722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5680a0ba5ccd0372021-12-21 11:24:50.176root 11241100x8000000000000000526723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017b78a488ff26472021-12-21 11:24:50.176root 11241100x8000000000000000526724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499a36bfc1b41ea72021-12-21 11:24:50.176root 11241100x8000000000000000526725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029d23cdcd8f32822021-12-21 11:24:50.176root 11241100x8000000000000000526726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c9d75318998f522021-12-21 11:24:50.176root 11241100x8000000000000000526727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0921e1f47c813762021-12-21 11:24:50.176root 11241100x8000000000000000526728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72e1a12f7860f122021-12-21 11:24:50.176root 11241100x8000000000000000526729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d2f743fb0145dd2021-12-21 11:24:50.176root 11241100x8000000000000000526730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a56ccdf335645c2021-12-21 11:24:50.176root 11241100x8000000000000000526731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c6f81d045c4d652021-12-21 11:24:50.443root 11241100x8000000000000000526732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3290741910ebad9b2021-12-21 11:24:50.443root 11241100x8000000000000000526733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5097f4504994162021-12-21 11:24:50.443root 11241100x8000000000000000526734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022d8726fd9f7b1d2021-12-21 11:24:50.443root 11241100x8000000000000000526735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c6d4dffc0ca6482021-12-21 11:24:50.443root 11241100x8000000000000000526736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1dff9dab3f467a2021-12-21 11:24:50.444root 11241100x8000000000000000526737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a40673d621f1f52021-12-21 11:24:50.444root 11241100x8000000000000000526738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb158b3d26ec6d92021-12-21 11:24:50.444root 11241100x8000000000000000526739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0120cab1b3cc7ba02021-12-21 11:24:50.444root 11241100x8000000000000000526740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7612b06a811454f2021-12-21 11:24:50.444root 11241100x8000000000000000526741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ca34d239bb4ec82021-12-21 11:24:50.444root 11241100x8000000000000000526742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde9a6da2db621d52021-12-21 11:24:50.444root 11241100x8000000000000000526743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc89041b403bc1b42021-12-21 11:24:50.444root 11241100x8000000000000000526744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ff6aecf5f019b02021-12-21 11:24:50.444root 11241100x8000000000000000526745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435258ad4870fd2c2021-12-21 11:24:50.444root 11241100x8000000000000000526746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c74c56b01e44ba52021-12-21 11:24:50.444root 11241100x8000000000000000526747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10869fa96f03d3cf2021-12-21 11:24:50.444root 11241100x8000000000000000526748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029d74d57129162a2021-12-21 11:24:50.444root 11241100x8000000000000000526749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729a2a9b0bab76992021-12-21 11:24:50.444root 11241100x8000000000000000526750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e59a6aa300add22021-12-21 11:24:50.943root 11241100x8000000000000000526751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62e788e080d111f2021-12-21 11:24:50.943root 11241100x8000000000000000526752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9d8bab311a2f522021-12-21 11:24:50.943root 11241100x8000000000000000526753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a300c09425c7c722021-12-21 11:24:50.943root 11241100x8000000000000000526754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f966fd10f04242021-12-21 11:24:50.944root 11241100x8000000000000000526755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff011b3c53daedf62021-12-21 11:24:50.944root 11241100x8000000000000000526756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35efd36ede1a69002021-12-21 11:24:50.944root 11241100x8000000000000000526757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58e05ad3e89bd042021-12-21 11:24:50.944root 11241100x8000000000000000526758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb7d51b4ad528382021-12-21 11:24:50.944root 11241100x8000000000000000526759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b92034746c9a532021-12-21 11:24:50.944root 11241100x8000000000000000526760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4350d9de26cc7d2021-12-21 11:24:50.944root 11241100x8000000000000000526761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2cc09d5e9774712021-12-21 11:24:50.944root 11241100x8000000000000000526762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497ee84a251c6efc2021-12-21 11:24:50.944root 11241100x8000000000000000526763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a791a36359f75462021-12-21 11:24:50.944root 11241100x8000000000000000526764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198509371cd967052021-12-21 11:24:50.944root 11241100x8000000000000000526765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0138470b3868850d2021-12-21 11:24:50.944root 11241100x8000000000000000526766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e670c660d30ef7442021-12-21 11:24:50.944root 11241100x8000000000000000526767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab85143d47cf75072021-12-21 11:24:50.945root 11241100x8000000000000000526768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b223e90c77c4cbd2021-12-21 11:24:50.945root 11241100x8000000000000000526769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8156128935b525842021-12-21 11:24:51.443root 11241100x8000000000000000526770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db047baad72284312021-12-21 11:24:51.443root 11241100x8000000000000000526771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e652b01b6366a32021-12-21 11:24:51.444root 11241100x8000000000000000526772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c6900a6091e15e2021-12-21 11:24:51.444root 11241100x8000000000000000526773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b4b28911473082021-12-21 11:24:51.444root 11241100x8000000000000000526774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c420c763af3fecec2021-12-21 11:24:51.444root 11241100x8000000000000000526775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9684174def66adc82021-12-21 11:24:51.444root 11241100x8000000000000000526776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca8f3dab0b66d512021-12-21 11:24:51.444root 11241100x8000000000000000526777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b084b88b93083672021-12-21 11:24:51.444root 11241100x8000000000000000526778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1960a042dd65672021-12-21 11:24:51.444root 11241100x8000000000000000526779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ecc5b0913eff562021-12-21 11:24:51.444root 11241100x8000000000000000526780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78033e99c35d622021-12-21 11:24:51.444root 11241100x8000000000000000526781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebc3ebe2f88cf4d2021-12-21 11:24:51.444root 11241100x8000000000000000526782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e729639f1c11ba352021-12-21 11:24:51.444root 11241100x8000000000000000526783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1becacf6fecde1282021-12-21 11:24:51.444root 11241100x8000000000000000526784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90adaa28c911f0212021-12-21 11:24:51.444root 11241100x8000000000000000526785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ba390a7730b8e2021-12-21 11:24:51.444root 11241100x8000000000000000526786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6add5fa6ea6437742021-12-21 11:24:51.445root 11241100x8000000000000000526787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b9c8f54a267cb22021-12-21 11:24:51.445root 11241100x8000000000000000526788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea8132fa4fe33b2021-12-21 11:24:51.943root 11241100x8000000000000000526789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725bbd1dee9976bc2021-12-21 11:24:51.943root 11241100x8000000000000000526790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e480ad9bca2e252021-12-21 11:24:51.943root 11241100x8000000000000000526791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc30c453d979711b2021-12-21 11:24:51.943root 11241100x8000000000000000526792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3c5449f85083942021-12-21 11:24:51.944root 11241100x8000000000000000526793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5ad32a262281392021-12-21 11:24:51.944root 11241100x8000000000000000526794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9814f9cbe9941c852021-12-21 11:24:51.944root 11241100x8000000000000000526795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9fdb5b695f3c52021-12-21 11:24:51.944root 11241100x8000000000000000526796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c36682429eff17f2021-12-21 11:24:51.944root 11241100x8000000000000000526797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9eae076251c5cc2021-12-21 11:24:51.944root 11241100x8000000000000000526798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00cef506362d2ac2021-12-21 11:24:51.944root 11241100x8000000000000000526799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a24f24b679ccb92021-12-21 11:24:51.944root 11241100x8000000000000000526800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c0a77294ac50472021-12-21 11:24:51.944root 11241100x8000000000000000526801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eeb73584e884602021-12-21 11:24:51.944root 11241100x8000000000000000526802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6286dd1a11eb1e2021-12-21 11:24:51.944root 11241100x8000000000000000526803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8375c177b597562021-12-21 11:24:51.944root 11241100x8000000000000000526804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d2c8b1a19847ca2021-12-21 11:24:51.944root 11241100x8000000000000000526805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311c7d2a09232f252021-12-21 11:24:51.944root 11241100x8000000000000000526806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d2afbfce0a65902021-12-21 11:24:51.944root 11241100x8000000000000000526807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a906594734f92de82021-12-21 11:24:52.443root 11241100x8000000000000000526808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a7e92997c67be82021-12-21 11:24:52.443root 11241100x8000000000000000526809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e973037521800d2021-12-21 11:24:52.443root 11241100x8000000000000000526810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f021b8d8c3ac9e32021-12-21 11:24:52.443root 11241100x8000000000000000526811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90f02662528b0e2021-12-21 11:24:52.444root 11241100x8000000000000000526812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d865b98e508773932021-12-21 11:24:52.444root 11241100x8000000000000000526813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0b6b07821ca65e2021-12-21 11:24:52.444root 11241100x8000000000000000526814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5618ff626f633f772021-12-21 11:24:52.444root 11241100x8000000000000000526815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd4ebbfdbce4aa42021-12-21 11:24:52.444root 11241100x8000000000000000526816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a492adb3d12898832021-12-21 11:24:52.444root 11241100x8000000000000000526817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf58cd5a8c56a072021-12-21 11:24:52.444root 11241100x8000000000000000526818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db70389d5a1046c2021-12-21 11:24:52.444root 11241100x8000000000000000526819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d90be97d319a5d2021-12-21 11:24:52.444root 11241100x8000000000000000526820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b43cc14a457f58c2021-12-21 11:24:52.444root 11241100x8000000000000000526821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab6285357671ad32021-12-21 11:24:52.444root 11241100x8000000000000000526822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f17a6f641c8242021-12-21 11:24:52.445root 11241100x8000000000000000526823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8ba964729ec0a72021-12-21 11:24:52.445root 11241100x8000000000000000526824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17df25f061863202021-12-21 11:24:52.445root 11241100x8000000000000000526825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbbb447a6dda13e2021-12-21 11:24:52.445root 11241100x8000000000000000526826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe66dae1e58d0482021-12-21 11:24:52.943root 11241100x8000000000000000526827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b9a705cac124d2021-12-21 11:24:52.943root 11241100x8000000000000000526828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3686dd51be4b34642021-12-21 11:24:52.943root 11241100x8000000000000000526829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbff1e135a416292021-12-21 11:24:52.944root 11241100x8000000000000000526830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed413058f89f29332021-12-21 11:24:52.944root 11241100x8000000000000000526831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dad433b0cda862d2021-12-21 11:24:52.944root 11241100x8000000000000000526832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc505ba3845ece912021-12-21 11:24:52.944root 11241100x8000000000000000526833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e44417e9c7631702021-12-21 11:24:52.944root 11241100x8000000000000000526834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad9654eded6b88b2021-12-21 11:24:52.944root 11241100x8000000000000000526835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09f84b1b08d3d962021-12-21 11:24:52.944root 11241100x8000000000000000526836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566eac735011a11a2021-12-21 11:24:52.944root 11241100x8000000000000000526837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e534644892930802021-12-21 11:24:52.944root 11241100x8000000000000000526838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416d6ef6502b05b92021-12-21 11:24:52.944root 11241100x8000000000000000526839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e4b3421d8545832021-12-21 11:24:52.944root 11241100x8000000000000000526840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68bf5b425978d1e2021-12-21 11:24:52.944root 11241100x8000000000000000526841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5298347aba783f72021-12-21 11:24:52.944root 11241100x8000000000000000526842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dba48bb4f26b8272021-12-21 11:24:52.944root 11241100x8000000000000000526843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fe251dd1ac553f2021-12-21 11:24:52.945root 11241100x8000000000000000526844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe0cf1d1e86d5e62021-12-21 11:24:52.945root 11241100x8000000000000000526845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edcecf768757cc22021-12-21 11:24:53.443root 11241100x8000000000000000526846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980c6c2920f3c7452021-12-21 11:24:53.443root 11241100x8000000000000000526847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba0fce7ff31a1e82021-12-21 11:24:53.443root 11241100x8000000000000000526848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668616f6b1cbdf622021-12-21 11:24:53.443root 11241100x8000000000000000526849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a406579ac7afa02021-12-21 11:24:53.444root 11241100x8000000000000000526850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b45252ff3d1a5382021-12-21 11:24:53.444root 11241100x8000000000000000526851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fbde4734836b952021-12-21 11:24:53.444root 11241100x8000000000000000526852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d939162959b7a92021-12-21 11:24:53.444root 11241100x8000000000000000526853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea2a38f33cb97e92021-12-21 11:24:53.444root 11241100x8000000000000000526854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc4ce9e2d2616be2021-12-21 11:24:53.444root 11241100x8000000000000000526855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b36c168bed5e9a62021-12-21 11:24:53.444root 11241100x8000000000000000526856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b79c4c84804fc2021-12-21 11:24:53.444root 11241100x8000000000000000526857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154976e32c07c892021-12-21 11:24:53.444root 11241100x8000000000000000526858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeb8726fa3120b72021-12-21 11:24:53.444root 11241100x8000000000000000526859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b339ed36ddd9722021-12-21 11:24:53.444root 11241100x8000000000000000526860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41bbe8645543ff12021-12-21 11:24:53.444root 11241100x8000000000000000526861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b115eb1df0a5092021-12-21 11:24:53.444root 11241100x8000000000000000526862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52809ab69cc68ca42021-12-21 11:24:53.444root 11241100x8000000000000000526863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2bdd0f7742241b2021-12-21 11:24:53.444root 11241100x8000000000000000526864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545b6637818c5dea2021-12-21 11:24:53.943root 11241100x8000000000000000526865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a8dc8f08d3ffc22021-12-21 11:24:53.943root 11241100x8000000000000000526866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62268a6f642a7ffe2021-12-21 11:24:53.943root 11241100x8000000000000000526867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33887eaa2345d7762021-12-21 11:24:53.943root 11241100x8000000000000000526868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e99640bbd43d812021-12-21 11:24:53.944root 11241100x8000000000000000526869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb1a4f8bbf3bc5f2021-12-21 11:24:53.944root 11241100x8000000000000000526870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0601e7c0f3db702021-12-21 11:24:53.944root 11241100x8000000000000000526871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c946c850ab723192021-12-21 11:24:53.944root 11241100x8000000000000000526872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3650c6c32a0372ac2021-12-21 11:24:53.944root 11241100x8000000000000000526873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97802be0254ef91d2021-12-21 11:24:53.944root 11241100x8000000000000000526874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cae4a2800d21c02021-12-21 11:24:53.944root 11241100x8000000000000000526875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9547600780e5ef512021-12-21 11:24:53.944root 11241100x8000000000000000526876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0326ed441cdfe9e02021-12-21 11:24:53.944root 11241100x8000000000000000526877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba766421299988bd2021-12-21 11:24:53.944root 11241100x8000000000000000526878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d871301855a973d2021-12-21 11:24:53.944root 11241100x8000000000000000526879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abbce3069172a3b2021-12-21 11:24:53.944root 11241100x8000000000000000526880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c240824a443e962021-12-21 11:24:53.944root 11241100x8000000000000000526881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166e8a0e118d44eb2021-12-21 11:24:53.944root 11241100x8000000000000000526882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07641b1da0588692021-12-21 11:24:53.944root 11241100x8000000000000000526883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d49ad63571c48a62021-12-21 11:24:54.443root 11241100x8000000000000000526884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87240173f6b7c3c2021-12-21 11:24:54.444root 11241100x8000000000000000526885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b70a9d97168bed22021-12-21 11:24:54.444root 11241100x8000000000000000526886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5b7f8c394c4b892021-12-21 11:24:54.444root 11241100x8000000000000000526887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f300fb3aa384652021-12-21 11:24:54.444root 11241100x8000000000000000526888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57b113c23c787a82021-12-21 11:24:54.444root 11241100x8000000000000000526889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08ea336e523c9a32021-12-21 11:24:54.444root 11241100x8000000000000000526890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d8492535b153c22021-12-21 11:24:54.445root 11241100x8000000000000000526891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2a914b36da740d2021-12-21 11:24:54.445root 11241100x8000000000000000526892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3789a46255edea72021-12-21 11:24:54.445root 11241100x8000000000000000526893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9654851abed3311a2021-12-21 11:24:54.445root 11241100x8000000000000000526894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d33454c7004707a2021-12-21 11:24:54.445root 11241100x8000000000000000526895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f668e0c06dbedcb12021-12-21 11:24:54.446root 11241100x8000000000000000526896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e062ea7d2ea6eaa2021-12-21 11:24:54.446root 11241100x8000000000000000526897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb946192157c0c742021-12-21 11:24:54.446root 11241100x8000000000000000526898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f892b411b6541d42021-12-21 11:24:54.446root 11241100x8000000000000000526899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f747a5aebf764a2021-12-21 11:24:54.446root 11241100x8000000000000000526900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c41844d19978e42021-12-21 11:24:54.446root 11241100x8000000000000000526901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ceace03b3eae7b2021-12-21 11:24:54.446root 11241100x8000000000000000526902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d695ba18e90853152021-12-21 11:24:54.943root 11241100x8000000000000000526903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f44f0cdfc0f6a6c2021-12-21 11:24:54.944root 11241100x8000000000000000526904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49024f09ba0a272021-12-21 11:24:54.944root 11241100x8000000000000000526905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6e391710add4a72021-12-21 11:24:54.944root 11241100x8000000000000000526906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70f5604a207c7592021-12-21 11:24:54.944root 11241100x8000000000000000526907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6f1cfff7f08c5d2021-12-21 11:24:54.944root 11241100x8000000000000000526908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc22f001fdace7bf2021-12-21 11:24:54.944root 11241100x8000000000000000526909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e28739f3b13b672021-12-21 11:24:54.944root 11241100x8000000000000000526910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba48bae5060446c2021-12-21 11:24:54.944root 11241100x8000000000000000526911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b229dec94a5c30c82021-12-21 11:24:54.945root 11241100x8000000000000000526912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e1f24a9f984272021-12-21 11:24:54.945root 11241100x8000000000000000526913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd7e5eebc78b802021-12-21 11:24:54.945root 11241100x8000000000000000526914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581199baaf1e9b0c2021-12-21 11:24:54.945root 11241100x8000000000000000526915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4da5e14d74d8dd2021-12-21 11:24:54.945root 11241100x8000000000000000526916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e446ef3d24d11c02021-12-21 11:24:54.945root 11241100x8000000000000000526917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6596da153882cc2021-12-21 11:24:54.945root 11241100x8000000000000000526918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c0c598c175fb6e2021-12-21 11:24:54.945root 11241100x8000000000000000526919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea1d2dbd9ddc8f42021-12-21 11:24:54.945root 11241100x8000000000000000526920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dfbddbcbbde51b2021-12-21 11:24:54.945root 11241100x8000000000000000526921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2252ebdd66d68d052021-12-21 11:24:55.443root 11241100x8000000000000000526922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50f1de89474b7882021-12-21 11:24:55.443root 11241100x8000000000000000526923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f36c46b8aca63e2021-12-21 11:24:55.443root 11241100x8000000000000000526924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6093c14e8f728782021-12-21 11:24:55.443root 11241100x8000000000000000526925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1f4aabba6dc26a2021-12-21 11:24:55.444root 11241100x8000000000000000526926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70683b7b6b2cc9122021-12-21 11:24:55.444root 11241100x8000000000000000526927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920cdc6b9e31ef6e2021-12-21 11:24:55.444root 11241100x8000000000000000526928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d919be7173eb62c02021-12-21 11:24:55.444root 11241100x8000000000000000526929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90386379d61df7cd2021-12-21 11:24:55.444root 11241100x8000000000000000526930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53710c48f2fe22ae2021-12-21 11:24:55.444root 11241100x8000000000000000526931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ed11bcf696a9782021-12-21 11:24:55.444root 11241100x8000000000000000526932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751ab62a72a63dfc2021-12-21 11:24:55.444root 11241100x8000000000000000526933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad928a5ee51819632021-12-21 11:24:55.445root 11241100x8000000000000000526934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b796457e66059cbd2021-12-21 11:24:55.445root 11241100x8000000000000000526935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aaeaec53ec430c2021-12-21 11:24:55.445root 11241100x8000000000000000526936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b99d66bc277b4b42021-12-21 11:24:55.445root 11241100x8000000000000000526937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d5db499a70e2c22021-12-21 11:24:55.445root 11241100x8000000000000000526938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805ee9de1e3906ad2021-12-21 11:24:55.445root 11241100x8000000000000000526939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00d73c36faea74e2021-12-21 11:24:55.445root 11241100x8000000000000000526940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c799392b95591f2021-12-21 11:24:55.943root 11241100x8000000000000000526941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c3c7a9bdfaabaf2021-12-21 11:24:55.944root 11241100x8000000000000000526942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548a56c56da377f12021-12-21 11:24:55.944root 11241100x8000000000000000526943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0a4a77e622cd5b2021-12-21 11:24:55.944root 11241100x8000000000000000526944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644ce909ef188ca02021-12-21 11:24:55.944root 11241100x8000000000000000526945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caffc98b5371dce92021-12-21 11:24:55.944root 11241100x8000000000000000526946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af65e96694c6c4722021-12-21 11:24:55.944root 11241100x8000000000000000526947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25fd2d3acca81312021-12-21 11:24:55.944root 11241100x8000000000000000526948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28432affe4d7032c2021-12-21 11:24:55.945root 11241100x8000000000000000526949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c71362e6402e182021-12-21 11:24:55.945root 11241100x8000000000000000526950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e867d85ad52b8de72021-12-21 11:24:55.945root 11241100x8000000000000000526951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09bd6be0102bdf12021-12-21 11:24:55.945root 11241100x8000000000000000526952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567dc8a985432a4c2021-12-21 11:24:55.945root 11241100x8000000000000000526953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a36ab7db31b354e2021-12-21 11:24:55.945root 11241100x8000000000000000526954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b2a3e85234e5a12021-12-21 11:24:55.945root 11241100x8000000000000000526955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f73c27e5caef192021-12-21 11:24:55.945root 11241100x8000000000000000526956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0766e1f8154c689a2021-12-21 11:24:55.946root 11241100x8000000000000000526957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b397efeec0d3c9c2021-12-21 11:24:55.946root 11241100x8000000000000000526958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d656cd87c177f902021-12-21 11:24:55.946root 354300x8000000000000000526959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.082{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48504-false10.0.1.12-8000- 11241100x8000000000000000526960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d085085a946bdc062021-12-21 11:24:56.443root 11241100x8000000000000000526961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2fb58a183fde532021-12-21 11:24:56.443root 11241100x8000000000000000526962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9355ea2b5d45862021-12-21 11:24:56.443root 11241100x8000000000000000526963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4921ee79e785ce582021-12-21 11:24:56.444root 11241100x8000000000000000526964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd63d54c3f5830c92021-12-21 11:24:56.444root 11241100x8000000000000000526965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a70ea51b1f49212021-12-21 11:24:56.444root 11241100x8000000000000000526966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bec4a90b2a6854c2021-12-21 11:24:56.444root 11241100x8000000000000000526967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61bcfec8ce82f9a2021-12-21 11:24:56.444root 11241100x8000000000000000526968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc14380290a7eb4d2021-12-21 11:24:56.444root 11241100x8000000000000000526969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdd3e684018c7392021-12-21 11:24:56.444root 11241100x8000000000000000526970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7628810b58f1cd112021-12-21 11:24:56.444root 11241100x8000000000000000526971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374ba1f88dec3a622021-12-21 11:24:56.444root 11241100x8000000000000000526972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972236391519a0312021-12-21 11:24:56.444root 11241100x8000000000000000526973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62486669f112d22021-12-21 11:24:56.444root 11241100x8000000000000000526974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6a2712ad3c96b82021-12-21 11:24:56.444root 11241100x8000000000000000526975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e3f67874786922021-12-21 11:24:56.444root 11241100x8000000000000000526976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb3b148cc5fdd752021-12-21 11:24:56.444root 11241100x8000000000000000526977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9b489f8fbe59e02021-12-21 11:24:56.444root 11241100x8000000000000000526978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f383a8650ce8e42021-12-21 11:24:56.445root 11241100x8000000000000000526979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e4e93c037f22fb2021-12-21 11:24:56.445root 11241100x8000000000000000526980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305e82c0aff95dd62021-12-21 11:24:56.943root 11241100x8000000000000000526981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12778238e51e00c62021-12-21 11:24:56.943root 11241100x8000000000000000526982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae78cf8b7742b7f2021-12-21 11:24:56.943root 11241100x8000000000000000526983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6196df3d834d70f62021-12-21 11:24:56.943root 11241100x8000000000000000526984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e865b29d1b2822f92021-12-21 11:24:56.944root 11241100x8000000000000000526985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78abb5b0d0f44b2021-12-21 11:24:56.944root 11241100x8000000000000000526986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba895b9d01f00492021-12-21 11:24:56.944root 11241100x8000000000000000526987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83134b1b313910742021-12-21 11:24:56.944root 11241100x8000000000000000526988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d090b9fed26fb8da2021-12-21 11:24:56.944root 11241100x8000000000000000526989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0e8ae21cdaec442021-12-21 11:24:56.944root 11241100x8000000000000000526990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ab00239b9503c52021-12-21 11:24:56.944root 11241100x8000000000000000526991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee0f889b62177a62021-12-21 11:24:56.944root 11241100x8000000000000000526992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd5d6eee739e2632021-12-21 11:24:56.944root 11241100x8000000000000000526993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b593af816cc0c5702021-12-21 11:24:56.944root 11241100x8000000000000000526994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba3a58af086511a2021-12-21 11:24:56.944root 11241100x8000000000000000526995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19ffedb695284712021-12-21 11:24:56.944root 11241100x8000000000000000526996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690e6bb20bc4a3732021-12-21 11:24:56.944root 11241100x8000000000000000526997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4255f8d577704c952021-12-21 11:24:56.944root 11241100x8000000000000000526998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5812220081d3b5352021-12-21 11:24:56.944root 11241100x8000000000000000526999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e3169c132a645e2021-12-21 11:24:56.944root 11241100x8000000000000000527000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0b2159e3a0526b2021-12-21 11:24:57.443root 11241100x8000000000000000527001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987a26c261a0d48e2021-12-21 11:24:57.443root 11241100x8000000000000000527002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381246ab373414a52021-12-21 11:24:57.443root 11241100x8000000000000000527003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b651b5bc1ee8620c2021-12-21 11:24:57.443root 11241100x8000000000000000527004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7218f66eb6baef2021-12-21 11:24:57.444root 11241100x8000000000000000527005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5ba38a10492c552021-12-21 11:24:57.444root 11241100x8000000000000000527006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabb5e9aab93968c2021-12-21 11:24:57.444root 11241100x8000000000000000527007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767628bff9cbefea2021-12-21 11:24:57.444root 11241100x8000000000000000527008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979a642100f702d62021-12-21 11:24:57.444root 11241100x8000000000000000527009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbb0806f0d5cae52021-12-21 11:24:57.444root 11241100x8000000000000000527010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d91039c151d79af2021-12-21 11:24:57.444root 11241100x8000000000000000527011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32eace31dcfea052021-12-21 11:24:57.444root 11241100x8000000000000000527012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe6cb3f22e83cf02021-12-21 11:24:57.445root 11241100x8000000000000000527013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3c3a7f8503df9a2021-12-21 11:24:57.445root 11241100x8000000000000000527014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eebcce7ecdcfcc2021-12-21 11:24:57.445root 11241100x8000000000000000527015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7912b2a14a8eef3d2021-12-21 11:24:57.445root 11241100x8000000000000000527016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17236220980ad29a2021-12-21 11:24:57.445root 11241100x8000000000000000527017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bccfd6bd06153c12021-12-21 11:24:57.445root 11241100x8000000000000000527018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615fecc16ee699942021-12-21 11:24:57.445root 11241100x8000000000000000527019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c2ea2eddab8412021-12-21 11:24:57.445root 11241100x8000000000000000527020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2dfec6c8e3e32d2021-12-21 11:24:57.943root 11241100x8000000000000000527021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b82545cb4feb82021-12-21 11:24:57.944root 11241100x8000000000000000527022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7946e7a3dfd419a2021-12-21 11:24:57.944root 11241100x8000000000000000527023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4817b26461be422021-12-21 11:24:57.944root 11241100x8000000000000000527024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feba129cbaf84a22021-12-21 11:24:57.944root 11241100x8000000000000000527025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6834ab602a03b522021-12-21 11:24:57.944root 11241100x8000000000000000527026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac67ea34c0703ec2021-12-21 11:24:57.945root 11241100x8000000000000000527027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432885e1b4ccf41c2021-12-21 11:24:57.945root 11241100x8000000000000000527028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108c738ad11239c42021-12-21 11:24:57.945root 11241100x8000000000000000527029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887ddea470c82b712021-12-21 11:24:57.945root 11241100x8000000000000000527030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bbce02a70a2e3f2021-12-21 11:24:57.945root 11241100x8000000000000000527031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac95e001c4d15ff2021-12-21 11:24:57.945root 11241100x8000000000000000527032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e953a77afb31032021-12-21 11:24:57.945root 11241100x8000000000000000527033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0964c8ddd5965802021-12-21 11:24:57.946root 11241100x8000000000000000527034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee429fe9d36a56c62021-12-21 11:24:57.946root 11241100x8000000000000000527035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a5955a693e4dec2021-12-21 11:24:57.946root 11241100x8000000000000000527036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6b71dc2c7cc3042021-12-21 11:24:57.946root 11241100x8000000000000000527037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa9aa04d1c1e9d2021-12-21 11:24:57.946root 11241100x8000000000000000527038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cbc7badf469eb72021-12-21 11:24:57.947root 11241100x8000000000000000527039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a1f2ecb556a25d2021-12-21 11:24:57.947root 11241100x8000000000000000527040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef3ddab3901ea0e2021-12-21 11:24:58.443root 11241100x8000000000000000527041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b32c400161dd3952021-12-21 11:24:58.443root 11241100x8000000000000000527042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467fdf290b29bab72021-12-21 11:24:58.444root 11241100x8000000000000000527043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01314e92e7cafb492021-12-21 11:24:58.444root 11241100x8000000000000000527044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8759bb4d38113442021-12-21 11:24:58.444root 11241100x8000000000000000527045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83b4444c098fb792021-12-21 11:24:58.444root 11241100x8000000000000000527046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7399d4b64393212021-12-21 11:24:58.444root 11241100x8000000000000000527047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ef62211132027b2021-12-21 11:24:58.444root 11241100x8000000000000000527048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d288f98c0bc2fc622021-12-21 11:24:58.444root 11241100x8000000000000000527049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7554bbfce3d2cc82021-12-21 11:24:58.444root 11241100x8000000000000000527050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3d18dcd376b8922021-12-21 11:24:58.444root 11241100x8000000000000000527051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2950ebefd65079ed2021-12-21 11:24:58.444root 11241100x8000000000000000527052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d75059294063e92021-12-21 11:24:58.444root 11241100x8000000000000000527053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161a5dd9888831952021-12-21 11:24:58.444root 11241100x8000000000000000527054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4c47298504a14c2021-12-21 11:24:58.444root 11241100x8000000000000000527055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525564aa4b2315a22021-12-21 11:24:58.445root 11241100x8000000000000000527056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febab982e892b28f2021-12-21 11:24:58.445root 11241100x8000000000000000527057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46ab10fedc4f83d2021-12-21 11:24:58.445root 11241100x8000000000000000527058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b038a9fcd2fcab662021-12-21 11:24:58.445root 11241100x8000000000000000527059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da7583d4cd66df02021-12-21 11:24:58.445root 11241100x8000000000000000527060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597a896cc8a7127a2021-12-21 11:24:58.943root 11241100x8000000000000000527061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a453a30af902dccf2021-12-21 11:24:58.943root 11241100x8000000000000000527062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce213a35cce3e2f2021-12-21 11:24:58.944root 11241100x8000000000000000527063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21635408132dbeee2021-12-21 11:24:58.944root 11241100x8000000000000000527064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418c1b496a0275482021-12-21 11:24:58.944root 11241100x8000000000000000527065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041bd8f6ca5754c82021-12-21 11:24:58.944root 11241100x8000000000000000527066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ba18d297746ea2021-12-21 11:24:58.944root 11241100x8000000000000000527067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c5def46c70d27e2021-12-21 11:24:58.944root 11241100x8000000000000000527068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfca174a79254fb2021-12-21 11:24:58.944root 11241100x8000000000000000527069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cafb29e5188a1742021-12-21 11:24:58.944root 11241100x8000000000000000527070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de798970e03b10d2021-12-21 11:24:58.944root 11241100x8000000000000000527071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930340dfe9a83102021-12-21 11:24:58.944root 11241100x8000000000000000527072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af573095a699e002021-12-21 11:24:58.945root 11241100x8000000000000000527073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789d842a0a6c4c2f2021-12-21 11:24:58.945root 11241100x8000000000000000527074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f6021356d9226a2021-12-21 11:24:58.945root 11241100x8000000000000000527075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a390a89b331439472021-12-21 11:24:58.945root 11241100x8000000000000000527076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb71bfa0ba1c23702021-12-21 11:24:58.945root 11241100x8000000000000000527077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6327f0e75920f7842021-12-21 11:24:58.945root 11241100x8000000000000000527078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb07712d6181b1b02021-12-21 11:24:58.945root 11241100x8000000000000000527079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38de17a9f233f7952021-12-21 11:24:58.945root 11241100x8000000000000000527080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bce5a4300ae6f0e2021-12-21 11:24:59.443root 11241100x8000000000000000527081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c6b92c222942f2021-12-21 11:24:59.443root 11241100x8000000000000000527082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34f4dbecb39ece52021-12-21 11:24:59.443root 11241100x8000000000000000527083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98165893678234802021-12-21 11:24:59.443root 11241100x8000000000000000527084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dc58b133cadfd32021-12-21 11:24:59.444root 11241100x8000000000000000527085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728a624d192e61882021-12-21 11:24:59.444root 11241100x8000000000000000527086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857e89572ccd25a32021-12-21 11:24:59.444root 11241100x8000000000000000527087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa5ab55babd337e2021-12-21 11:24:59.444root 11241100x8000000000000000527088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2468525a091b0efb2021-12-21 11:24:59.444root 11241100x8000000000000000527089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799ceed619c04d652021-12-21 11:24:59.444root 11241100x8000000000000000527090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd6e8796cc394352021-12-21 11:24:59.444root 11241100x8000000000000000527091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42262747b94262a42021-12-21 11:24:59.444root 11241100x8000000000000000527092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2f689afd19f62b2021-12-21 11:24:59.444root 11241100x8000000000000000527093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523cd53eb133e10d2021-12-21 11:24:59.444root 11241100x8000000000000000527094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e7a9f9c75b19252021-12-21 11:24:59.444root 11241100x8000000000000000527095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e6381742fd7b02021-12-21 11:24:59.444root 11241100x8000000000000000527096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbb5a0821d34a442021-12-21 11:24:59.444root 11241100x8000000000000000527097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c16851a94f03f542021-12-21 11:24:59.444root 11241100x8000000000000000527098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b3fd786f0de4ec2021-12-21 11:24:59.444root 11241100x8000000000000000527099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9e45df222184442021-12-21 11:24:59.445root 11241100x8000000000000000527100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504f74cdacff9ed32021-12-21 11:24:59.943root 11241100x8000000000000000527101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457f8a64f09bffd2021-12-21 11:24:59.943root 11241100x8000000000000000527102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f079fba426211b12021-12-21 11:24:59.943root 11241100x8000000000000000527103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2105ce17e98a2c02021-12-21 11:24:59.943root 11241100x8000000000000000527104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8a2ee2bccbeca82021-12-21 11:24:59.944root 11241100x8000000000000000527105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd51a5a8993af7c62021-12-21 11:24:59.944root 11241100x8000000000000000527106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73d5e3091df67d2021-12-21 11:24:59.944root 11241100x8000000000000000527107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64565b5d27bd43852021-12-21 11:24:59.944root 11241100x8000000000000000527108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6ff4961003a402021-12-21 11:24:59.944root 11241100x8000000000000000527109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5dcb830905fa432021-12-21 11:24:59.944root 11241100x8000000000000000527110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576e356c81b00c702021-12-21 11:24:59.944root 11241100x8000000000000000527111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd1e7d1f93960072021-12-21 11:24:59.944root 11241100x8000000000000000527112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a379e388cc7a6072021-12-21 11:24:59.944root 11241100x8000000000000000527113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ed0d1947d9def42021-12-21 11:24:59.944root 11241100x8000000000000000527114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d63dec4ded1eebe2021-12-21 11:24:59.944root 11241100x8000000000000000527115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3348291b10b9dd2021-12-21 11:24:59.944root 11241100x8000000000000000527116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5a3cd6d76c17852021-12-21 11:24:59.944root 11241100x8000000000000000527117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ec4f6a239133052021-12-21 11:24:59.944root 11241100x8000000000000000527118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17d9588d4337c142021-12-21 11:24:59.944root 11241100x8000000000000000527119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e00cb71c0b36af2021-12-21 11:24:59.944root 11241100x8000000000000000527120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c35f55e6249b9402021-12-21 11:25:00.443root 11241100x8000000000000000527121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c543d7a29bd71ca22021-12-21 11:25:00.443root 11241100x8000000000000000527122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295fdccc88471ded2021-12-21 11:25:00.443root 11241100x8000000000000000527123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4f79ca35cc0fb52021-12-21 11:25:00.443root 11241100x8000000000000000527124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9784fd7a3d863b2021-12-21 11:25:00.444root 11241100x8000000000000000527125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0348ae044c33614e2021-12-21 11:25:00.444root 11241100x8000000000000000527126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8d634da86b39d02021-12-21 11:25:00.444root 11241100x8000000000000000527127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16f75e7643dbff42021-12-21 11:25:00.444root 11241100x8000000000000000527128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708c1de755e231472021-12-21 11:25:00.444root 11241100x8000000000000000527129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834ccf4761b8a7822021-12-21 11:25:00.444root 11241100x8000000000000000527130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af4aa16408bbbfe2021-12-21 11:25:00.444root 11241100x8000000000000000527131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489f762462e785ab2021-12-21 11:25:00.444root 11241100x8000000000000000527132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2bd7e540e182ec2021-12-21 11:25:00.444root 11241100x8000000000000000527133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c13d979a4c680a92021-12-21 11:25:00.444root 11241100x8000000000000000527134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4385e93491245a2021-12-21 11:25:00.444root 11241100x8000000000000000527135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6880bf59c17f9b2021-12-21 11:25:00.444root 11241100x8000000000000000527136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea798812ff337f02021-12-21 11:25:00.444root 11241100x8000000000000000527137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a79c3173af69ca42021-12-21 11:25:00.444root 11241100x8000000000000000527138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0f1e25463540502021-12-21 11:25:00.444root 11241100x8000000000000000527139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664643562eb5e5bd2021-12-21 11:25:00.444root 11241100x8000000000000000527140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f1a48d26eae34e2021-12-21 11:25:00.943root 11241100x8000000000000000527141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46f49238158fa422021-12-21 11:25:00.943root 11241100x8000000000000000527142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01057654eaefe1f32021-12-21 11:25:00.943root 11241100x8000000000000000527143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f491d51192b3485b2021-12-21 11:25:00.943root 11241100x8000000000000000527144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c565e667143376b02021-12-21 11:25:00.943root 11241100x8000000000000000527145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cc10df74b5625a2021-12-21 11:25:00.943root 11241100x8000000000000000527146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d94cbfe13c39562021-12-21 11:25:00.944root 11241100x8000000000000000527147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071ed19f9a6289f82021-12-21 11:25:00.944root 11241100x8000000000000000527148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edab513eae7ce652021-12-21 11:25:00.944root 11241100x8000000000000000527149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab5ba16056e04542021-12-21 11:25:00.944root 11241100x8000000000000000527150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b025684516a7e7352021-12-21 11:25:00.944root 11241100x8000000000000000527151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff8d11dd3acc952021-12-21 11:25:00.944root 11241100x8000000000000000527152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e4ef69a08959e62021-12-21 11:25:00.944root 11241100x8000000000000000527153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d8feb6ce21f0cb2021-12-21 11:25:00.944root 11241100x8000000000000000527154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29a2b056f2779f22021-12-21 11:25:00.945root 11241100x8000000000000000527155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848babeacb54dbce2021-12-21 11:25:00.945root 11241100x8000000000000000527156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922fbfd1f84fd6522021-12-21 11:25:00.945root 11241100x8000000000000000527157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb1ce8fba41762c2021-12-21 11:25:00.945root 11241100x8000000000000000527158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771a07ec086603712021-12-21 11:25:00.945root 11241100x8000000000000000527159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cf055020593f662021-12-21 11:25:00.946root 11241100x8000000000000000527160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a309f013649a462b2021-12-21 11:25:00.946root 11241100x8000000000000000527161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf4ce92d4b61c452021-12-21 11:25:00.946root 11241100x8000000000000000527162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357a40ebe61de7532021-12-21 11:25:00.946root 11241100x8000000000000000527163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb18ec54315cce292021-12-21 11:25:00.946root 11241100x8000000000000000527164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd819d95a3d6e2f2021-12-21 11:25:00.947root 11241100x8000000000000000527165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3881880468664852021-12-21 11:25:00.947root 11241100x8000000000000000527166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a24e5bcfc37db572021-12-21 11:25:00.947root 11241100x8000000000000000527167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ed712ed4bcf5162021-12-21 11:25:00.947root 11241100x8000000000000000527168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b2acef68590ea12021-12-21 11:25:00.948root 11241100x8000000000000000527169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc70976d6e1914012021-12-21 11:25:00.948root 11241100x8000000000000000527170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2d24c0302488df2021-12-21 11:25:00.948root 11241100x8000000000000000527171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be4c96a11e733fb2021-12-21 11:25:00.948root 11241100x8000000000000000527172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34663a301bbbe572021-12-21 11:25:00.948root 11241100x8000000000000000527173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3c946ed90732bf2021-12-21 11:25:00.948root 354300x8000000000000000527174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.132{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48506-false10.0.1.12-8000- 11241100x8000000000000000527175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a50b6069f830472021-12-21 11:25:01.443root 11241100x8000000000000000527176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba575397e8307b942021-12-21 11:25:01.443root 11241100x8000000000000000527177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3822b7dad227f4962021-12-21 11:25:01.444root 11241100x8000000000000000527178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c7ede275640db62021-12-21 11:25:01.444root 11241100x8000000000000000527179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fe1b5c6545b5a12021-12-21 11:25:01.444root 11241100x8000000000000000527180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eddfe6dab7f4dc12021-12-21 11:25:01.444root 11241100x8000000000000000527181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cd65dcab0096742021-12-21 11:25:01.444root 11241100x8000000000000000527182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a878f579db49e1402021-12-21 11:25:01.444root 11241100x8000000000000000527183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5981e630535d09e92021-12-21 11:25:01.444root 11241100x8000000000000000527184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f5e0b50ffbefdb2021-12-21 11:25:01.444root 11241100x8000000000000000527185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af7a53334efc4c72021-12-21 11:25:01.444root 11241100x8000000000000000527186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5580e11432bfb942021-12-21 11:25:01.444root 11241100x8000000000000000527187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf703234cbae912021-12-21 11:25:01.444root 11241100x8000000000000000527188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aaac72a898ebb12021-12-21 11:25:01.444root 11241100x8000000000000000527189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ece794f5eeea0a2021-12-21 11:25:01.445root 11241100x8000000000000000527190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4640eb287f537492021-12-21 11:25:01.445root 11241100x8000000000000000527191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1385cce1c3a117a42021-12-21 11:25:01.445root 11241100x8000000000000000527192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fcdfb331f3dda32021-12-21 11:25:01.445root 11241100x8000000000000000527193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab90139b721493882021-12-21 11:25:01.445root 11241100x8000000000000000527194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbe554dae100ba42021-12-21 11:25:01.445root 11241100x8000000000000000527195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb621ca5f8de5362021-12-21 11:25:01.445root 11241100x8000000000000000527196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363e4593bc31868c2021-12-21 11:25:01.445root 11241100x8000000000000000527197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679acc2c0f3a5e012021-12-21 11:25:01.446root 11241100x8000000000000000527198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c1b312a3053dba2021-12-21 11:25:01.446root 11241100x8000000000000000527199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9245052b792040bf2021-12-21 11:25:01.446root 11241100x8000000000000000527200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ba2bc4378f619f2021-12-21 11:25:01.446root 11241100x8000000000000000527201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca72b80d71d0af42021-12-21 11:25:01.447root 11241100x8000000000000000527202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5d96973c9f8b272021-12-21 11:25:01.447root 11241100x8000000000000000527203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2effe72b0bff1712021-12-21 11:25:01.447root 11241100x8000000000000000527204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9512788785306ff2021-12-21 11:25:01.448root 11241100x8000000000000000527205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221b06e3d24aedad2021-12-21 11:25:01.448root 11241100x8000000000000000527206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad82c15cacfb0fdc2021-12-21 11:25:01.448root 11241100x8000000000000000527207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2504010b7dd48d1a2021-12-21 11:25:01.448root 11241100x8000000000000000527208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92879173da92172b2021-12-21 11:25:01.448root 11241100x8000000000000000527209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799b0f543a9829ee2021-12-21 11:25:01.449root 11241100x8000000000000000527210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5120f2f677cd880a2021-12-21 11:25:01.449root 11241100x8000000000000000527211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21abdb25116928a62021-12-21 11:25:01.449root 11241100x8000000000000000527212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b416eec58898752021-12-21 11:25:01.449root 11241100x8000000000000000527213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d58fb2d2e28c1c32021-12-21 11:25:01.450root 11241100x8000000000000000527214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4b685a05d4ee592021-12-21 11:25:01.450root 11241100x8000000000000000527215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e30b1a2284f085a2021-12-21 11:25:01.450root 11241100x8000000000000000527216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f015f6dd6c8e1c8e2021-12-21 11:25:01.450root 11241100x8000000000000000527217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35fd6e2ef6d7ee02021-12-21 11:25:01.450root 11241100x8000000000000000527218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071368eb3a923e02021-12-21 11:25:01.450root 11241100x8000000000000000527219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf9b87f64315e9a2021-12-21 11:25:01.450root 11241100x8000000000000000527220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91620067a04a647f2021-12-21 11:25:01.451root 11241100x8000000000000000527221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c7e5f01aa8ba8a2021-12-21 11:25:01.451root 11241100x8000000000000000527222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2dcdef50029a232021-12-21 11:25:01.451root 11241100x8000000000000000527223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1621e740903cde12021-12-21 11:25:01.451root 11241100x8000000000000000527224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca273ad22e7c5242021-12-21 11:25:01.451root 11241100x8000000000000000527225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7f5cc935cf94c12021-12-21 11:25:01.452root 11241100x8000000000000000527226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fb851f2f40be052021-12-21 11:25:01.943root 11241100x8000000000000000527227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe48f6df2bdd62ee2021-12-21 11:25:01.943root 11241100x8000000000000000527228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457eb64aef912e9d2021-12-21 11:25:01.944root 11241100x8000000000000000527229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264b68e4bcb8259c2021-12-21 11:25:01.944root 11241100x8000000000000000527230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5c5bcbcdac86462021-12-21 11:25:01.944root 11241100x8000000000000000527231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5fe924a0c6c8332021-12-21 11:25:01.944root 11241100x8000000000000000527232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c334fa3e432c752021-12-21 11:25:01.944root 11241100x8000000000000000527233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864ec2455066d5852021-12-21 11:25:01.945root 11241100x8000000000000000527234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117655359fa8120e2021-12-21 11:25:01.945root 11241100x8000000000000000527235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f5584030fd7f1d2021-12-21 11:25:01.945root 11241100x8000000000000000527236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef6e25ee290e7382021-12-21 11:25:01.945root 11241100x8000000000000000527237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcdb09bbd7b69ac2021-12-21 11:25:01.945root 11241100x8000000000000000527238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1974d47fcef8ec2021-12-21 11:25:01.945root 11241100x8000000000000000527239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f0949583cac3212021-12-21 11:25:01.945root 11241100x8000000000000000527240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d85a0c7e6cd2a22021-12-21 11:25:01.945root 11241100x8000000000000000527241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc90bee776f0c2bf2021-12-21 11:25:01.946root 11241100x8000000000000000527242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc171771dcc2412021-12-21 11:25:01.946root 11241100x8000000000000000527243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f492ed8ae325de542021-12-21 11:25:01.946root 11241100x8000000000000000527244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21b2b919b5cc0ad2021-12-21 11:25:01.946root 11241100x8000000000000000527245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4be230559054cd2021-12-21 11:25:01.946root 11241100x8000000000000000527246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c42a5996aa580642021-12-21 11:25:01.946root 11241100x8000000000000000527247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67be8cc8a41bf532021-12-21 11:25:02.443root 11241100x8000000000000000527248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faa11d1c27c79842021-12-21 11:25:02.443root 11241100x8000000000000000527249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3ec84c378d70852021-12-21 11:25:02.443root 11241100x8000000000000000527250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d60dc04e2bfc9962021-12-21 11:25:02.443root 11241100x8000000000000000527251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a024e0db14fb6fcc2021-12-21 11:25:02.443root 11241100x8000000000000000527252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096bea91173319572021-12-21 11:25:02.444root 11241100x8000000000000000527253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344da345a130c02f2021-12-21 11:25:02.444root 11241100x8000000000000000527254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94a2e86ecbdb2f82021-12-21 11:25:02.444root 11241100x8000000000000000527255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32936cf37eb53cf2021-12-21 11:25:02.444root 11241100x8000000000000000527256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05ece747fc03af52021-12-21 11:25:02.444root 11241100x8000000000000000527257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04ec009df6e30812021-12-21 11:25:02.444root 11241100x8000000000000000527258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e233a64dd9ad1482021-12-21 11:25:02.444root 11241100x8000000000000000527259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553540ea942f276a2021-12-21 11:25:02.444root 11241100x8000000000000000527260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fcb1d9c1658d272021-12-21 11:25:02.444root 11241100x8000000000000000527261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfac05a3940f4052021-12-21 11:25:02.444root 11241100x8000000000000000527262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82862928c4323b32021-12-21 11:25:02.444root 11241100x8000000000000000527263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2522658713aa5022021-12-21 11:25:02.445root 11241100x8000000000000000527264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1fe39be07d36212021-12-21 11:25:02.445root 11241100x8000000000000000527265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5161342d8bb89a382021-12-21 11:25:02.445root 11241100x8000000000000000527266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7734cf6c74375602021-12-21 11:25:02.445root 11241100x8000000000000000527267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2d163afa2c17af2021-12-21 11:25:02.445root 11241100x8000000000000000527268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d913798d7047082021-12-21 11:25:02.943root 11241100x8000000000000000527269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88850ead1da14aec2021-12-21 11:25:02.943root 11241100x8000000000000000527270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e3fb0eecf424032021-12-21 11:25:02.943root 11241100x8000000000000000527271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24d02858d3043002021-12-21 11:25:02.943root 11241100x8000000000000000527272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7143c3569603a5fe2021-12-21 11:25:02.943root 11241100x8000000000000000527273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53322021560abe8b2021-12-21 11:25:02.943root 11241100x8000000000000000527274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a0c1b648fe86392021-12-21 11:25:02.943root 11241100x8000000000000000527275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b7e9ecdd2130182021-12-21 11:25:02.943root 11241100x8000000000000000527276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bce4e2d9eac63f2021-12-21 11:25:02.944root 11241100x8000000000000000527277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07664f1b001690742021-12-21 11:25:02.944root 11241100x8000000000000000527278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4272f64b0bdd9cf42021-12-21 11:25:02.944root 11241100x8000000000000000527279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdbef8b65e327f52021-12-21 11:25:02.944root 11241100x8000000000000000527280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048a7921160da3162021-12-21 11:25:02.944root 11241100x8000000000000000527281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ace84209df6072021-12-21 11:25:02.944root 11241100x8000000000000000527282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d1b235da16bbc52021-12-21 11:25:02.944root 11241100x8000000000000000527283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32cc970c85ac0b12021-12-21 11:25:02.944root 11241100x8000000000000000527284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed73507d2d4f9b2c2021-12-21 11:25:02.944root 11241100x8000000000000000527285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926bf9c1266f793c2021-12-21 11:25:02.944root 11241100x8000000000000000527286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241292d3fbc88e472021-12-21 11:25:02.944root 11241100x8000000000000000527287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282ce8a5a251946e2021-12-21 11:25:02.945root 11241100x8000000000000000527288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e98ec588c291ae2021-12-21 11:25:02.945root 11241100x8000000000000000527289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99969232c615c59d2021-12-21 11:25:03.443root 11241100x8000000000000000527290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e241063531f6db152021-12-21 11:25:03.443root 11241100x8000000000000000527291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceffdc831f4814f2021-12-21 11:25:03.443root 11241100x8000000000000000527292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a4eabff9622c902021-12-21 11:25:03.443root 11241100x8000000000000000527293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d72636d3920fb0e2021-12-21 11:25:03.444root 11241100x8000000000000000527294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cef61fd5a96803f2021-12-21 11:25:03.444root 11241100x8000000000000000527295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21b988ad98b71852021-12-21 11:25:03.444root 11241100x8000000000000000527296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca560fd5f4de925b2021-12-21 11:25:03.444root 11241100x8000000000000000527297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825a9c5dda9ed7a22021-12-21 11:25:03.444root 11241100x8000000000000000527298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ede9ae1cb5504d2021-12-21 11:25:03.444root 11241100x8000000000000000527299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b1b6d28449c1a32021-12-21 11:25:03.444root 11241100x8000000000000000527300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb22151523d614f12021-12-21 11:25:03.444root 11241100x8000000000000000527301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b89c19793e9d7f2021-12-21 11:25:03.444root 11241100x8000000000000000527302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00944c8a95d532f2021-12-21 11:25:03.445root 11241100x8000000000000000527303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed45fc08cec72912021-12-21 11:25:03.445root 11241100x8000000000000000527304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c481f3f7f40392a12021-12-21 11:25:03.445root 11241100x8000000000000000527305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbcee79514214ca2021-12-21 11:25:03.445root 11241100x8000000000000000527306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a6bcc40bce01a22021-12-21 11:25:03.445root 11241100x8000000000000000527307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698b5f5121924be22021-12-21 11:25:03.445root 11241100x8000000000000000527308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255f90ba64eb7f162021-12-21 11:25:03.445root 11241100x8000000000000000527309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e418d9555949bbd82021-12-21 11:25:03.445root 11241100x8000000000000000527310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65988dc7b5433d72021-12-21 11:25:03.943root 11241100x8000000000000000527311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2278b62cc1bd8d702021-12-21 11:25:03.943root 11241100x8000000000000000527312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85014050882040b2021-12-21 11:25:03.943root 11241100x8000000000000000527313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5223228b3490efa32021-12-21 11:25:03.943root 11241100x8000000000000000527314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356a0728f726a9092021-12-21 11:25:03.944root 11241100x8000000000000000527315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b5d3cb06f047252021-12-21 11:25:03.944root 11241100x8000000000000000527316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b8b0398bdc2fe52021-12-21 11:25:03.944root 11241100x8000000000000000527317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f723ee26361c1f2021-12-21 11:25:03.944root 11241100x8000000000000000527318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1822a1ca8ecabad2021-12-21 11:25:03.944root 11241100x8000000000000000527319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac319efe785fdbe22021-12-21 11:25:03.944root 11241100x8000000000000000527320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d723b21be2444d82021-12-21 11:25:03.944root 11241100x8000000000000000527321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded0e5429f1134e22021-12-21 11:25:03.944root 11241100x8000000000000000527322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de05fe43158988b02021-12-21 11:25:03.944root 11241100x8000000000000000527323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2aa290a3d298dc2021-12-21 11:25:03.944root 11241100x8000000000000000527324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d834c67cf53cca8a2021-12-21 11:25:03.944root 11241100x8000000000000000527325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118525514bd3967c2021-12-21 11:25:03.944root 11241100x8000000000000000527326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6a142ec4054ec62021-12-21 11:25:03.944root 11241100x8000000000000000527327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13381901fd14251d2021-12-21 11:25:03.945root 11241100x8000000000000000527328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034a577ddba46162021-12-21 11:25:03.945root 11241100x8000000000000000527329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b914ee32941b7fc2021-12-21 11:25:03.945root 11241100x8000000000000000527330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd03400b40ec342021-12-21 11:25:03.945root 11241100x8000000000000000527331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0be23ac9513ef92021-12-21 11:25:04.443root 11241100x8000000000000000527332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89ffea78f97be432021-12-21 11:25:04.443root 11241100x8000000000000000527333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52981aafbf77e09a2021-12-21 11:25:04.444root 11241100x8000000000000000527334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b0249cc8a93322021-12-21 11:25:04.444root 11241100x8000000000000000527335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff1743427cdf49e2021-12-21 11:25:04.444root 11241100x8000000000000000527336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a96deca6198c0892021-12-21 11:25:04.444root 11241100x8000000000000000527337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f9d566e96382e62021-12-21 11:25:04.444root 11241100x8000000000000000527338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c76ee5d75e6602021-12-21 11:25:04.444root 11241100x8000000000000000527339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ff2d6cfa2605ff2021-12-21 11:25:04.444root 11241100x8000000000000000527340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bbfd5cba9826b52021-12-21 11:25:04.444root 11241100x8000000000000000527341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6759e76da9eb037b2021-12-21 11:25:04.444root 11241100x8000000000000000527342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce50521f6b860dc2021-12-21 11:25:04.444root 11241100x8000000000000000527343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3524f483ab04ea592021-12-21 11:25:04.445root 11241100x8000000000000000527344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93aef369fc0ff112021-12-21 11:25:04.445root 11241100x8000000000000000527345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba0dc2d6151378d2021-12-21 11:25:04.445root 11241100x8000000000000000527346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffd887837b73cc82021-12-21 11:25:04.445root 11241100x8000000000000000527347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a924650e163a9c12021-12-21 11:25:04.445root 11241100x8000000000000000527348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f252e754c0ab3c6a2021-12-21 11:25:04.445root 11241100x8000000000000000527349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcc8e472f81c33d2021-12-21 11:25:04.445root 11241100x8000000000000000527350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a90c8c9a74b4d12021-12-21 11:25:04.445root 11241100x8000000000000000527351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac6925d787343112021-12-21 11:25:04.445root 11241100x8000000000000000527352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704135ece481efd2021-12-21 11:25:04.943root 11241100x8000000000000000527353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e237b2b0cce7e672021-12-21 11:25:04.943root 11241100x8000000000000000527354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad6c790470eeb3d2021-12-21 11:25:04.943root 11241100x8000000000000000527355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21e6e5f82c1e7dd2021-12-21 11:25:04.944root 11241100x8000000000000000527356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef8bb57800b0df2021-12-21 11:25:04.944root 11241100x8000000000000000527357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e901008e313c37a2021-12-21 11:25:04.944root 11241100x8000000000000000527358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de9d5c9a983a972021-12-21 11:25:04.944root 11241100x8000000000000000527359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc7c0eaa8a597bc2021-12-21 11:25:04.944root 11241100x8000000000000000527360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f49a770340baddf2021-12-21 11:25:04.944root 11241100x8000000000000000527361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b39e126e9a00d12021-12-21 11:25:04.944root 11241100x8000000000000000527362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aea51e7135ce5ab2021-12-21 11:25:04.944root 11241100x8000000000000000527363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffc375c8e3f4d42021-12-21 11:25:04.944root 11241100x8000000000000000527364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9bfd1f8038a0052021-12-21 11:25:04.944root 11241100x8000000000000000527365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028ecd98083c73cf2021-12-21 11:25:04.945root 11241100x8000000000000000527366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b5435c626cf6452021-12-21 11:25:04.945root 11241100x8000000000000000527367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4adf42e6f88ef92021-12-21 11:25:04.945root 11241100x8000000000000000527368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2325f6a4fa06432021-12-21 11:25:04.945root 11241100x8000000000000000527369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05876185bc3bffde2021-12-21 11:25:04.945root 11241100x8000000000000000527370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fcede4834fa4762021-12-21 11:25:04.945root 11241100x8000000000000000527371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd614c94b63362b22021-12-21 11:25:04.945root 11241100x8000000000000000527372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa585e38b24063562021-12-21 11:25:04.945root 11241100x8000000000000000527373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78dec020eb70cdf2021-12-21 11:25:05.443root 11241100x8000000000000000527374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ba1a5a4bfcd7652021-12-21 11:25:05.443root 11241100x8000000000000000527375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f68c523e4aabf32021-12-21 11:25:05.443root 11241100x8000000000000000527376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77a53f7b23365e12021-12-21 11:25:05.443root 11241100x8000000000000000527377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34bfb322f7830bd2021-12-21 11:25:05.444root 11241100x8000000000000000527378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fed0c79e17ca13b2021-12-21 11:25:05.444root 11241100x8000000000000000527379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb286d677a8dc2392021-12-21 11:25:05.444root 11241100x8000000000000000527380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00080f3be7a033c2021-12-21 11:25:05.444root 11241100x8000000000000000527381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e21e68913ac7172021-12-21 11:25:05.444root 11241100x8000000000000000527382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a601d5aec6fbde842021-12-21 11:25:05.444root 11241100x8000000000000000527383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d57aadef995a42021-12-21 11:25:05.444root 11241100x8000000000000000527384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c00f2540f03e3132021-12-21 11:25:05.444root 11241100x8000000000000000527385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a340a30307d8f92021-12-21 11:25:05.444root 11241100x8000000000000000527386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd9a978981837aa2021-12-21 11:25:05.444root 11241100x8000000000000000527387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2a75ee956132af2021-12-21 11:25:05.444root 11241100x8000000000000000527388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f098961ad9a42bd22021-12-21 11:25:05.444root 11241100x8000000000000000527389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5465ce420f697ca02021-12-21 11:25:05.444root 11241100x8000000000000000527390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdee082388219002021-12-21 11:25:05.444root 11241100x8000000000000000527391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b16742bb678bc82021-12-21 11:25:05.444root 11241100x8000000000000000527392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddefa63c38fb6192021-12-21 11:25:05.444root 11241100x8000000000000000527393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0ebea5fed106b12021-12-21 11:25:05.445root 11241100x8000000000000000527394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d77e4b41f7a44802021-12-21 11:25:05.943root 11241100x8000000000000000527395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6194e39989033ac32021-12-21 11:25:05.943root 11241100x8000000000000000527396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febf1f81b968f4b72021-12-21 11:25:05.943root 11241100x8000000000000000527397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305fa178bfd9ad32021-12-21 11:25:05.944root 11241100x8000000000000000527398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df27f3e3aa1ee952021-12-21 11:25:05.944root 11241100x8000000000000000527399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927b3e2793a5ebe32021-12-21 11:25:05.945root 11241100x8000000000000000527400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b80335a99c2f422021-12-21 11:25:05.945root 11241100x8000000000000000527401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7597bc181f3deb2021-12-21 11:25:05.945root 11241100x8000000000000000527402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91821468653bd112021-12-21 11:25:05.945root 11241100x8000000000000000527403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cee7d0b85d544a22021-12-21 11:25:05.945root 11241100x8000000000000000527404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d281215b52a6372021-12-21 11:25:05.945root 11241100x8000000000000000527405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250f5050cfd720572021-12-21 11:25:05.945root 11241100x8000000000000000527406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c9c18cda9761992021-12-21 11:25:05.945root 11241100x8000000000000000527407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c398380a32678ed92021-12-21 11:25:05.945root 11241100x8000000000000000527408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acadc90c1a4002cf2021-12-21 11:25:05.945root 11241100x8000000000000000527409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359de9a28421891d2021-12-21 11:25:05.945root 11241100x8000000000000000527410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d7bd9336e593282021-12-21 11:25:05.945root 11241100x8000000000000000527411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08df95f1cec35082021-12-21 11:25:05.946root 11241100x8000000000000000527412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76b034f7011ce7d2021-12-21 11:25:05.946root 11241100x8000000000000000527413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10fe0665bfcc2cc2021-12-21 11:25:05.946root 11241100x8000000000000000527414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303186c348475b592021-12-21 11:25:05.946root 11241100x8000000000000000527415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baef97fee2220132021-12-21 11:25:05.946root 11241100x8000000000000000527416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64ff1aa47add9232021-12-21 11:25:05.946root 11241100x8000000000000000527417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8f3cb2d512b8a42021-12-21 11:25:05.946root 354300x8000000000000000527418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.170{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48508-false10.0.1.12-8000- 11241100x8000000000000000527419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:25:06.329root 11241100x8000000000000000527420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4335a3bcfbb3b7bc2021-12-21 11:25:06.330root 11241100x8000000000000000527421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b9ec95f01e21852021-12-21 11:25:06.331root 11241100x8000000000000000527422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac3592ad2946e102021-12-21 11:25:06.331root 11241100x8000000000000000527423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c8f219fcf92ea62021-12-21 11:25:06.331root 11241100x8000000000000000527424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f704f2444f7eec2021-12-21 11:25:06.331root 11241100x8000000000000000527425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d23c6b5e78774122021-12-21 11:25:06.331root 11241100x8000000000000000527426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c6d173a634cd632021-12-21 11:25:06.331root 11241100x8000000000000000527427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c56d9153ef24b432021-12-21 11:25:06.332root 11241100x8000000000000000527428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948102fdccc6c5872021-12-21 11:25:06.332root 11241100x8000000000000000527429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46c59fbf9ada1fd2021-12-21 11:25:06.332root 11241100x8000000000000000527430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d734c3b9687e52032021-12-21 11:25:06.332root 11241100x8000000000000000527431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ebdb7f9c482a352021-12-21 11:25:06.332root 11241100x8000000000000000527432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a954995f8d443d2021-12-21 11:25:06.332root 11241100x8000000000000000527433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b838f9d066a8d37a2021-12-21 11:25:06.332root 11241100x8000000000000000527434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9d5baab25760bf2021-12-21 11:25:06.332root 11241100x8000000000000000527435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c591d64cb6b07db2021-12-21 11:25:06.332root 11241100x8000000000000000527436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f782d527f135e82021-12-21 11:25:06.332root 11241100x8000000000000000527437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a68984d1ee6a3c2021-12-21 11:25:06.332root 11241100x8000000000000000527438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58acb4853cb8d6452021-12-21 11:25:06.332root 11241100x8000000000000000527439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b311a98d4852b5f2021-12-21 11:25:06.333root 11241100x8000000000000000527440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d14ce2e2df067ac2021-12-21 11:25:06.333root 11241100x8000000000000000527441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64aab6329beef022021-12-21 11:25:06.333root 11241100x8000000000000000527442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269ef042c89408e82021-12-21 11:25:06.333root 11241100x8000000000000000527443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a469a85f59d9152021-12-21 11:25:06.333root 11241100x8000000000000000527444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a05ae7e70a352162021-12-21 11:25:06.334root 11241100x8000000000000000527445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b28ee64368505402021-12-21 11:25:06.693root 11241100x8000000000000000527446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e6e21cb39458942021-12-21 11:25:06.693root 11241100x8000000000000000527447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ff603c9ea243822021-12-21 11:25:06.693root 11241100x8000000000000000527448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e230b2ecd591e6532021-12-21 11:25:06.693root 11241100x8000000000000000527449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcc443b96cdbcf82021-12-21 11:25:06.693root 11241100x8000000000000000527450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00251c48fdae2b002021-12-21 11:25:06.694root 11241100x8000000000000000527451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34bd206bc2e08512021-12-21 11:25:06.694root 11241100x8000000000000000527452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ce623cc7fa4d5c2021-12-21 11:25:06.694root 11241100x8000000000000000527453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006b1f7be8ae7ae22021-12-21 11:25:06.694root 11241100x8000000000000000527454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5a16d6e97060902021-12-21 11:25:06.694root 11241100x8000000000000000527455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09083df0a91253a42021-12-21 11:25:06.694root 11241100x8000000000000000527456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d99b06e76750692021-12-21 11:25:06.694root 11241100x8000000000000000527457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f3b1b066f078682021-12-21 11:25:06.694root 11241100x8000000000000000527458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e6bc7df5ee19d2021-12-21 11:25:06.694root 11241100x8000000000000000527459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96442a1edc9d7c642021-12-21 11:25:06.694root 11241100x8000000000000000527460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2985ea5f97a5bbc2021-12-21 11:25:06.694root 11241100x8000000000000000527461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34705f24716db1d2021-12-21 11:25:06.694root 11241100x8000000000000000527462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a089191957f417af2021-12-21 11:25:06.695root 11241100x8000000000000000527463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e243b3ea54542b2021-12-21 11:25:06.695root 11241100x8000000000000000527464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe1c874fdf4dc1d2021-12-21 11:25:06.695root 11241100x8000000000000000527465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e95503662a3ee72021-12-21 11:25:06.695root 11241100x8000000000000000527466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efb37ac6ba7cced2021-12-21 11:25:06.695root 11241100x8000000000000000527467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c48ffdf9feb8b12021-12-21 11:25:06.696root 11241100x8000000000000000527468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b925dc2ca789d22021-12-21 11:25:06.696root 11241100x8000000000000000527469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60119f5f2e36132b2021-12-21 11:25:06.696root 11241100x8000000000000000527470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5b118f16f685062021-12-21 11:25:06.696root 11241100x8000000000000000527471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c36477f0c9831f92021-12-21 11:25:06.696root 11241100x8000000000000000527472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1ca30b7f9f12d92021-12-21 11:25:06.696root 11241100x8000000000000000527473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee1ff2a32c680712021-12-21 11:25:06.696root 11241100x8000000000000000527474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d1faf4a1f763602021-12-21 11:25:06.696root 11241100x8000000000000000527475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f964c7ace9bbf7162021-12-21 11:25:06.696root 11241100x8000000000000000527476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35b317ab52a0f8e2021-12-21 11:25:06.696root 11241100x8000000000000000527477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e428156d32593d92021-12-21 11:25:06.697root 11241100x8000000000000000527478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbe229cfb9408332021-12-21 11:25:06.697root 11241100x8000000000000000527479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295fe0bfcf4904e92021-12-21 11:25:06.697root 11241100x8000000000000000527480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f6bee3eb591d7d2021-12-21 11:25:06.697root 11241100x8000000000000000527481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea1f8da4c123552021-12-21 11:25:06.697root 11241100x8000000000000000527482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69a36377904ac9a2021-12-21 11:25:06.697root 11241100x8000000000000000527483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3fb399f203d03d2021-12-21 11:25:06.697root 11241100x8000000000000000527484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504390148d67d7772021-12-21 11:25:06.697root 11241100x8000000000000000527485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181018791c7f6cd52021-12-21 11:25:06.697root 11241100x8000000000000000527486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73333cd690425e882021-12-21 11:25:06.698root 11241100x8000000000000000527487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6d9caa19f31fa62021-12-21 11:25:06.698root 11241100x8000000000000000527488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589973c4631bd3e82021-12-21 11:25:06.698root 11241100x8000000000000000527489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889aaa4b6c45bb622021-12-21 11:25:06.698root 11241100x8000000000000000527490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ead1fe78776d352021-12-21 11:25:06.698root 11241100x8000000000000000527491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d0ce93539f8312021-12-21 11:25:06.698root 11241100x8000000000000000527492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4c7aef2b8a7f712021-12-21 11:25:06.698root 11241100x8000000000000000527493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ef4a83f6bc5bf12021-12-21 11:25:06.698root 11241100x8000000000000000527494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993f9552d587ec32021-12-21 11:25:06.698root 11241100x8000000000000000527495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6390a52f3f95c10d2021-12-21 11:25:06.698root 11241100x8000000000000000527496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816036893a4937f32021-12-21 11:25:06.699root 11241100x8000000000000000527497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498fdbbb57bff3472021-12-21 11:25:06.699root 11241100x8000000000000000527498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2bd6ba813a7f422021-12-21 11:25:06.699root 11241100x8000000000000000527499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793ed6909bc4e9232021-12-21 11:25:06.699root 11241100x8000000000000000527500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecce4a681a321a482021-12-21 11:25:06.699root 11241100x8000000000000000527501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93149c1468646a8f2021-12-21 11:25:06.700root 11241100x8000000000000000527502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e9a77be0a6fe152021-12-21 11:25:06.700root 11241100x8000000000000000527503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c21c44574d8704b2021-12-21 11:25:06.700root 11241100x8000000000000000527504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be56e32ac7d3cd9a2021-12-21 11:25:06.700root 11241100x8000000000000000527505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1269fcfab86a32021-12-21 11:25:06.700root 11241100x8000000000000000527506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d0306206675a4f2021-12-21 11:25:06.700root 11241100x8000000000000000527507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15480df2acc4bfa2021-12-21 11:25:06.700root 11241100x8000000000000000527508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60bcf02e496d26a2021-12-21 11:25:06.700root 11241100x8000000000000000527509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc3f86aae7acfd02021-12-21 11:25:06.700root 11241100x8000000000000000527510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f2d42ed478cc362021-12-21 11:25:06.700root 11241100x8000000000000000527511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e194e07dea76ae62021-12-21 11:25:06.700root 11241100x8000000000000000527512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404aa318d0f147852021-12-21 11:25:06.701root 11241100x8000000000000000527513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f85bc170b015152021-12-21 11:25:06.701root 11241100x8000000000000000527514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848e53bb548e94562021-12-21 11:25:06.701root 11241100x8000000000000000527515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f63f98522177412021-12-21 11:25:06.701root 11241100x8000000000000000527516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d9f4e295c499e2021-12-21 11:25:06.701root 11241100x8000000000000000527517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f429e7488626fb2021-12-21 11:25:06.701root 11241100x8000000000000000527518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418a242200a9becb2021-12-21 11:25:06.701root 11241100x8000000000000000527519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8293f55a12edcd82021-12-21 11:25:06.701root 11241100x8000000000000000527520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581944c56428329e2021-12-21 11:25:07.193root 11241100x8000000000000000527521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824471684541dcdb2021-12-21 11:25:07.193root 11241100x8000000000000000527522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b38654f42905342021-12-21 11:25:07.193root 11241100x8000000000000000527523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66340575a4eb4d32021-12-21 11:25:07.193root 11241100x8000000000000000527524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c20177ed2161c542021-12-21 11:25:07.193root 11241100x8000000000000000527525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d16d4c398aafd82021-12-21 11:25:07.193root 11241100x8000000000000000527526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525cd7af04b688102021-12-21 11:25:07.194root 11241100x8000000000000000527527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3773a6184519fe2021-12-21 11:25:07.194root 11241100x8000000000000000527528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3154a70cd4edb562021-12-21 11:25:07.194root 11241100x8000000000000000527529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e096af61fc53956b2021-12-21 11:25:07.194root 11241100x8000000000000000527530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e083604a2ec26c2021-12-21 11:25:07.194root 11241100x8000000000000000527531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26a8b9559c2a6752021-12-21 11:25:07.194root 11241100x8000000000000000527532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da110c40e829339d2021-12-21 11:25:07.194root 11241100x8000000000000000527533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85443aa77206140b2021-12-21 11:25:07.194root 11241100x8000000000000000527534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc2cdbaf78f20842021-12-21 11:25:07.194root 11241100x8000000000000000527535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c115b9d57b6fdb1f2021-12-21 11:25:07.194root 11241100x8000000000000000527536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6870887bf5eb642021-12-21 11:25:07.194root 11241100x8000000000000000527537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15744ea07aa3fcb2021-12-21 11:25:07.194root 11241100x8000000000000000527538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227f5d787a624b7d2021-12-21 11:25:07.194root 11241100x8000000000000000527539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d7f89aa4e02e762021-12-21 11:25:07.194root 11241100x8000000000000000527540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429997452650790e2021-12-21 11:25:07.194root 11241100x8000000000000000527541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfb770b1fe477692021-12-21 11:25:07.194root 11241100x8000000000000000527542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab6f2692f4e51a82021-12-21 11:25:07.195root 11241100x8000000000000000527543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77af9731031cf25d2021-12-21 11:25:07.693root 11241100x8000000000000000527544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16382b8e49fec4a2021-12-21 11:25:07.693root 11241100x8000000000000000527545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8638e13e7c3ff22021-12-21 11:25:07.693root 11241100x8000000000000000527546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc932324171994712021-12-21 11:25:07.693root 11241100x8000000000000000527547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfe9932ed33496d2021-12-21 11:25:07.693root 11241100x8000000000000000527548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1ded6812ee19f72021-12-21 11:25:07.693root 11241100x8000000000000000527549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc11b3111c75e4a2021-12-21 11:25:07.693root 11241100x8000000000000000527550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709cc27b479f71c92021-12-21 11:25:07.693root 11241100x8000000000000000527551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e15072d6c5f69f2021-12-21 11:25:07.693root 11241100x8000000000000000527552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691e75dd7e726162021-12-21 11:25:07.693root 11241100x8000000000000000527553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf11eba3d52022d62021-12-21 11:25:07.694root 11241100x8000000000000000527554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b53bc59672b7f212021-12-21 11:25:07.694root 11241100x8000000000000000527555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ba3224897858112021-12-21 11:25:07.694root 11241100x8000000000000000527556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e40132c41e6e182021-12-21 11:25:07.694root 11241100x8000000000000000527557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3f974365562deb2021-12-21 11:25:07.694root 11241100x8000000000000000527558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0756246f6ff5c26d2021-12-21 11:25:07.694root 11241100x8000000000000000527559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e627262b6ba6a222021-12-21 11:25:07.694root 11241100x8000000000000000527560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7007ef749d3bc4a22021-12-21 11:25:07.694root 11241100x8000000000000000527561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15c332890c8be92021-12-21 11:25:07.695root 11241100x8000000000000000527562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b653421836cec9a2021-12-21 11:25:07.695root 11241100x8000000000000000527563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead645d99ec4c9402021-12-21 11:25:07.695root 11241100x8000000000000000527564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31af6785d88657a42021-12-21 11:25:07.695root 11241100x8000000000000000527565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db37e898eed3f7ea2021-12-21 11:25:07.695root 11241100x8000000000000000527566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625dfa84e3c95ce2021-12-21 11:25:07.695root 11241100x8000000000000000527567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5605b67dab83fdee2021-12-21 11:25:07.695root 11241100x8000000000000000527568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ee88c1f05fde1d2021-12-21 11:25:07.696root 11241100x8000000000000000527569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b734913f86c3b2632021-12-21 11:25:07.696root 11241100x8000000000000000527570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739d697e81d818c82021-12-21 11:25:07.696root 11241100x8000000000000000527571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a97322556621c2021-12-21 11:25:07.696root 11241100x8000000000000000527572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c1eeece92dccf42021-12-21 11:25:07.697root 11241100x8000000000000000527573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ab19756b3f3d6a2021-12-21 11:25:07.697root 11241100x8000000000000000527574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fdde6cb89690742021-12-21 11:25:07.697root 11241100x8000000000000000527575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bc54f87034b56a2021-12-21 11:25:07.697root 11241100x8000000000000000527576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5891f89e07c8b592021-12-21 11:25:07.697root 11241100x8000000000000000527577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c3a11838dbe0c82021-12-21 11:25:07.698root 11241100x8000000000000000527578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98340577549912eb2021-12-21 11:25:07.698root 11241100x8000000000000000527579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3123ab529b74ac882021-12-21 11:25:07.698root 11241100x8000000000000000527580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8819cb93c96a80b92021-12-21 11:25:07.698root 11241100x8000000000000000527581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cb3a15ac6fa40d2021-12-21 11:25:07.698root 11241100x8000000000000000527582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c91f812b15573b92021-12-21 11:25:07.699root 11241100x8000000000000000527583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c60a0dc460730692021-12-21 11:25:08.193root 11241100x8000000000000000527584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b39674c2315c342021-12-21 11:25:08.193root 11241100x8000000000000000527585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc671436ed804072021-12-21 11:25:08.194root 11241100x8000000000000000527586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1738086f75e4322021-12-21 11:25:08.194root 11241100x8000000000000000527587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c359a0ea105927e2021-12-21 11:25:08.194root 11241100x8000000000000000527588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a196b4d2bcca31f2021-12-21 11:25:08.194root 11241100x8000000000000000527589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675567c6018496942021-12-21 11:25:08.194root 11241100x8000000000000000527590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832c4ce8eb928b902021-12-21 11:25:08.194root 11241100x8000000000000000527591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a870aed65c178d2021-12-21 11:25:08.195root 11241100x8000000000000000527592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9667749e4665a0932021-12-21 11:25:08.195root 11241100x8000000000000000527593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c778044d7913e4b2021-12-21 11:25:08.195root 11241100x8000000000000000527594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8338d2782fd85e02021-12-21 11:25:08.195root 11241100x8000000000000000527595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0406af1ce80aba552021-12-21 11:25:08.195root 11241100x8000000000000000527596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e49ab5ecaf374332021-12-21 11:25:08.195root 11241100x8000000000000000527597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ee1c1021ef89752021-12-21 11:25:08.195root 11241100x8000000000000000527598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be210c1a5929ddbd2021-12-21 11:25:08.195root 11241100x8000000000000000527599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846600a89665917d2021-12-21 11:25:08.195root 11241100x8000000000000000527600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0766ab7bfbeeed972021-12-21 11:25:08.195root 11241100x8000000000000000527601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc8732cdfd7adc12021-12-21 11:25:08.195root 11241100x8000000000000000527602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f8a33a61eaa9a2021-12-21 11:25:08.196root 11241100x8000000000000000527603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ccbd3594fb5b982021-12-21 11:25:08.196root 11241100x8000000000000000527604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c0fce0d7f4b73a2021-12-21 11:25:08.196root 11241100x8000000000000000527605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bc7e6537cfe6ab2021-12-21 11:25:08.196root 11241100x8000000000000000527606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d6e74866d395212021-12-21 11:25:08.693root 11241100x8000000000000000527607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b878de6bbd5592b52021-12-21 11:25:08.693root 11241100x8000000000000000527608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52cbbd910bf47b82021-12-21 11:25:08.694root 11241100x8000000000000000527609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d863bfb6be23c24e2021-12-21 11:25:08.694root 11241100x8000000000000000527610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bcf43288e25ba42021-12-21 11:25:08.694root 11241100x8000000000000000527611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5b181ac398f36c2021-12-21 11:25:08.694root 11241100x8000000000000000527612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096c922eefa050182021-12-21 11:25:08.694root 11241100x8000000000000000527613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f539219e24ab4bb2021-12-21 11:25:08.694root 11241100x8000000000000000527614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee922b8918d69592021-12-21 11:25:08.694root 11241100x8000000000000000527615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071c67d11c6066c52021-12-21 11:25:08.694root 11241100x8000000000000000527616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f41daba79cc7e902021-12-21 11:25:08.695root 11241100x8000000000000000527617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d900b80a2ee8acba2021-12-21 11:25:08.695root 11241100x8000000000000000527618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca21f8d19315e8982021-12-21 11:25:08.695root 11241100x8000000000000000527619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d03425802734552021-12-21 11:25:08.695root 11241100x8000000000000000527620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c222d33a4ac1742021-12-21 11:25:08.695root 11241100x8000000000000000527621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d252e21d8c6ee92021-12-21 11:25:08.695root 11241100x8000000000000000527622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad61595e67c9b3b2021-12-21 11:25:08.695root 11241100x8000000000000000527623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fb9c58555e89e2021-12-21 11:25:08.695root 11241100x8000000000000000527624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b88635e232a54f2021-12-21 11:25:08.695root 11241100x8000000000000000527625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cf6137458128402021-12-21 11:25:08.695root 11241100x8000000000000000527626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cca91705c0db722021-12-21 11:25:08.695root 11241100x8000000000000000527627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9250739d3d9a612021-12-21 11:25:08.695root 11241100x8000000000000000527628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69008469dd9fed1d2021-12-21 11:25:08.696root 11241100x8000000000000000527629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15329f69039aaa1e2021-12-21 11:25:09.193root 11241100x8000000000000000527630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596e0d4fdfe41fdb2021-12-21 11:25:09.193root 11241100x8000000000000000527631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c6ea27ddc79ff2021-12-21 11:25:09.194root 11241100x8000000000000000527632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca81eda818812972021-12-21 11:25:09.194root 11241100x8000000000000000527633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da668689d06d49202021-12-21 11:25:09.194root 11241100x8000000000000000527634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e892f780898e432021-12-21 11:25:09.194root 11241100x8000000000000000527635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3af69da1b1491d72021-12-21 11:25:09.194root 11241100x8000000000000000527636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2a2ca9fd2c9ab92021-12-21 11:25:09.194root 11241100x8000000000000000527637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc9f92ffaa93d992021-12-21 11:25:09.194root 11241100x8000000000000000527638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1febd2505fa62bc02021-12-21 11:25:09.194root 11241100x8000000000000000527639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab32a095cfe551d12021-12-21 11:25:09.194root 11241100x8000000000000000527640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef24463adb28f902021-12-21 11:25:09.194root 11241100x8000000000000000527641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca319e06e408a85c2021-12-21 11:25:09.194root 11241100x8000000000000000527642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f052ecbb8885a3e2021-12-21 11:25:09.194root 11241100x8000000000000000527643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0593fb43804e87402021-12-21 11:25:09.194root 11241100x8000000000000000527644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e4668490d6b35b2021-12-21 11:25:09.194root 11241100x8000000000000000527645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a7ed3908a0c01e2021-12-21 11:25:09.194root 11241100x8000000000000000527646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6518026466306d812021-12-21 11:25:09.195root 11241100x8000000000000000527647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe7b0e087702d642021-12-21 11:25:09.195root 11241100x8000000000000000527648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15253dbab132cc172021-12-21 11:25:09.195root 11241100x8000000000000000527649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16fb52c8f40db472021-12-21 11:25:09.195root 11241100x8000000000000000527650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54af194622a8e13b2021-12-21 11:25:09.195root 11241100x8000000000000000527651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b055b990e25fa1f82021-12-21 11:25:09.195root 23542300x8000000000000000527652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.331{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000527653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e0ea9324661312021-12-21 11:25:09.693root 11241100x8000000000000000527654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1644d1425769a62021-12-21 11:25:09.694root 11241100x8000000000000000527655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb52dfed4b80b0902021-12-21 11:25:09.694root 11241100x8000000000000000527656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f9d7390a0a2a1f2021-12-21 11:25:09.694root 11241100x8000000000000000527657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca32166fa66dcc12021-12-21 11:25:09.694root 11241100x8000000000000000527658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5531835378a05c152021-12-21 11:25:09.694root 11241100x8000000000000000527659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0208b7e3817879a2021-12-21 11:25:09.694root 11241100x8000000000000000527660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6201ee9e1b1aed2021-12-21 11:25:09.694root 11241100x8000000000000000527661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7613d469d5b8dbe2021-12-21 11:25:09.694root 11241100x8000000000000000527662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6be79847c59f442021-12-21 11:25:09.694root 11241100x8000000000000000527663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718aa0db66364c1b2021-12-21 11:25:09.695root 11241100x8000000000000000527664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c2959919731cbe2021-12-21 11:25:09.695root 11241100x8000000000000000527665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897f3375c2cc39b72021-12-21 11:25:09.695root 11241100x8000000000000000527666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a9beabaea49b202021-12-21 11:25:09.695root 11241100x8000000000000000527667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e317e5be421c522021-12-21 11:25:09.695root 11241100x8000000000000000527668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ace87ff0a301382021-12-21 11:25:09.695root 11241100x8000000000000000527669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b971305a46cf0b2021-12-21 11:25:09.695root 11241100x8000000000000000527670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a8c9d823f9b11c2021-12-21 11:25:09.695root 11241100x8000000000000000527671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8989692038ab11ac2021-12-21 11:25:09.695root 11241100x8000000000000000527672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119a499b61f92d562021-12-21 11:25:09.695root 11241100x8000000000000000527673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe8d158e92e338c2021-12-21 11:25:09.696root 11241100x8000000000000000527674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d604fc8789dfc552021-12-21 11:25:09.696root 11241100x8000000000000000527675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dfe0d1c7e2dd192021-12-21 11:25:09.696root 11241100x8000000000000000527676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6109ad6080e949052021-12-21 11:25:09.696root 11241100x8000000000000000527677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a54857b6a8de662021-12-21 11:25:10.193root 11241100x8000000000000000527678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775bedc663459dbb2021-12-21 11:25:10.193root 11241100x8000000000000000527679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e30464fc3f5a752021-12-21 11:25:10.194root 11241100x8000000000000000527680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e671f595e6949c2e2021-12-21 11:25:10.194root 11241100x8000000000000000527681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a571cd9cbff3ec2021-12-21 11:25:10.194root 11241100x8000000000000000527682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52bf7c067898e062021-12-21 11:25:10.194root 11241100x8000000000000000527683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fb834ae7befe1f2021-12-21 11:25:10.194root 11241100x8000000000000000527684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d06d60995cfc342021-12-21 11:25:10.194root 11241100x8000000000000000527685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55725e1adde1870f2021-12-21 11:25:10.194root 11241100x8000000000000000527686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57495ebd046641e42021-12-21 11:25:10.194root 11241100x8000000000000000527687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b03a936bc03d92021-12-21 11:25:10.194root 11241100x8000000000000000527688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adc7560b064340c2021-12-21 11:25:10.194root 11241100x8000000000000000527689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7e92cf880bc19e2021-12-21 11:25:10.195root 11241100x8000000000000000527690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064039d6d80323522021-12-21 11:25:10.195root 11241100x8000000000000000527691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5180a678e86218c2021-12-21 11:25:10.195root 11241100x8000000000000000527692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d5b05ec362e49d2021-12-21 11:25:10.195root 11241100x8000000000000000527693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884cff36debf2dc02021-12-21 11:25:10.195root 11241100x8000000000000000527694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb68c5cebdf64fec2021-12-21 11:25:10.195root 11241100x8000000000000000527695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55234f28036ab1642021-12-21 11:25:10.195root 11241100x8000000000000000527696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b787d3c65c6c2342021-12-21 11:25:10.196root 11241100x8000000000000000527697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9dedb21ed9224f2021-12-21 11:25:10.196root 11241100x8000000000000000527698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddeda3958b660e92021-12-21 11:25:10.196root 11241100x8000000000000000527699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a07ed8ec5b45c672021-12-21 11:25:10.196root 11241100x8000000000000000527700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b7d5e92f10eec52021-12-21 11:25:10.196root 11241100x8000000000000000527701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd319b406d65d1472021-12-21 11:25:10.693root 11241100x8000000000000000527702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f490d426fd4bb6e2021-12-21 11:25:10.693root 11241100x8000000000000000527703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3aa13d8f53d39f42021-12-21 11:25:10.694root 11241100x8000000000000000527704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9068674a368790882021-12-21 11:25:10.694root 11241100x8000000000000000527705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51f6662d569cbe82021-12-21 11:25:10.694root 11241100x8000000000000000527706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83aa94d0a67b10a2021-12-21 11:25:10.694root 11241100x8000000000000000527707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3c6971d4b40bd62021-12-21 11:25:10.694root 11241100x8000000000000000527708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cac5e8494869e42021-12-21 11:25:10.694root 11241100x8000000000000000527709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f190200249d12d882021-12-21 11:25:10.694root 11241100x8000000000000000527710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a07bf61947eceed2021-12-21 11:25:10.694root 11241100x8000000000000000527711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639089377fb8b282021-12-21 11:25:10.694root 11241100x8000000000000000527712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6937dc70fc5e3352021-12-21 11:25:10.694root 11241100x8000000000000000527713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc738e4245864e662021-12-21 11:25:10.694root 11241100x8000000000000000527714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331ab48cb0b50c0a2021-12-21 11:25:10.695root 11241100x8000000000000000527715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90d303dabf9d2972021-12-21 11:25:10.695root 11241100x8000000000000000527716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995f962e712e7e702021-12-21 11:25:10.695root 11241100x8000000000000000527717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf57a877b5c1e28d2021-12-21 11:25:10.695root 11241100x8000000000000000527718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2eab7ae244e1a32021-12-21 11:25:10.695root 11241100x8000000000000000527719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab39876eac9678c52021-12-21 11:25:10.695root 11241100x8000000000000000527720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d134fc2399b18e82021-12-21 11:25:10.695root 11241100x8000000000000000527721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1edd3ec7afbf082021-12-21 11:25:10.695root 11241100x8000000000000000527722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeef89fae45426552021-12-21 11:25:10.695root 11241100x8000000000000000527723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69ac21e78d47dd72021-12-21 11:25:10.695root 11241100x8000000000000000527724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1f115bd0063ec32021-12-21 11:25:10.695root 11241100x8000000000000000527725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed75e357dc36d042021-12-21 11:25:11.193root 11241100x8000000000000000527726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b487f487c4ba9f22021-12-21 11:25:11.193root 11241100x8000000000000000527727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ce7e52d5aa50602021-12-21 11:25:11.194root 11241100x8000000000000000527728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb49c60cd001a232021-12-21 11:25:11.194root 11241100x8000000000000000527729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138b6d82201196392021-12-21 11:25:11.194root 11241100x8000000000000000527730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e800f87737bcd3c42021-12-21 11:25:11.194root 11241100x8000000000000000527731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3cd2effbae0cf22021-12-21 11:25:11.194root 11241100x8000000000000000527732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514d37b3201f658c2021-12-21 11:25:11.194root 11241100x8000000000000000527733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32180cfce067de9e2021-12-21 11:25:11.194root 11241100x8000000000000000527734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e9939835af4e482021-12-21 11:25:11.194root 11241100x8000000000000000527735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108d06626273720f2021-12-21 11:25:11.194root 11241100x8000000000000000527736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb7d88794f51b3c2021-12-21 11:25:11.194root 11241100x8000000000000000527737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9043bbab60b74e0c2021-12-21 11:25:11.194root 11241100x8000000000000000527738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c6d117d7368d3a2021-12-21 11:25:11.194root 11241100x8000000000000000527739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354808c3e5d2123e2021-12-21 11:25:11.194root 11241100x8000000000000000527740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71f0b1e826a00382021-12-21 11:25:11.195root 11241100x8000000000000000527741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9055bad8744704492021-12-21 11:25:11.195root 11241100x8000000000000000527742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9b4f0fb3a30f402021-12-21 11:25:11.195root 11241100x8000000000000000527743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14597ddbf2573e2021-12-21 11:25:11.195root 11241100x8000000000000000527744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62977a52de7bf912021-12-21 11:25:11.195root 11241100x8000000000000000527745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c58044ba7b4cf5e2021-12-21 11:25:11.195root 11241100x8000000000000000527746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5950ccd456ad3a2021-12-21 11:25:11.195root 11241100x8000000000000000527747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492510221031e6b32021-12-21 11:25:11.195root 11241100x8000000000000000527748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212079654f086aff2021-12-21 11:25:11.196root 354300x8000000000000000527749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.239{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48510-false10.0.1.12-8000- 11241100x8000000000000000527750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30da5178804568062021-12-21 11:25:11.693root 11241100x8000000000000000527751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6950d880fd73eb12021-12-21 11:25:11.694root 11241100x8000000000000000527752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71300749dcf3d04e2021-12-21 11:25:11.694root 11241100x8000000000000000527753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abcebbe6ceba35d2021-12-21 11:25:11.694root 11241100x8000000000000000527754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1608e466b862c5c72021-12-21 11:25:11.694root 11241100x8000000000000000527755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb97866ddfe3382021-12-21 11:25:11.695root 11241100x8000000000000000527756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c35d139dda43d532021-12-21 11:25:11.695root 11241100x8000000000000000527757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe5b2c2d148cfe62021-12-21 11:25:11.695root 11241100x8000000000000000527758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869945897c6b0b32021-12-21 11:25:11.695root 11241100x8000000000000000527759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad288c7b41c5aa82021-12-21 11:25:11.695root 11241100x8000000000000000527760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdac0db21b008272021-12-21 11:25:11.695root 11241100x8000000000000000527761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a1f9d5d4db91c12021-12-21 11:25:11.695root 11241100x8000000000000000527762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ac6efcee1fe5eb2021-12-21 11:25:11.695root 11241100x8000000000000000527763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7fc17423cd2e942021-12-21 11:25:11.695root 11241100x8000000000000000527764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59e036d89be4ee22021-12-21 11:25:11.695root 11241100x8000000000000000527765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cd7e46028844c52021-12-21 11:25:11.695root 11241100x8000000000000000527766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1be08b5a7bd0d912021-12-21 11:25:11.695root 11241100x8000000000000000527767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd115379c4362b4f2021-12-21 11:25:11.696root 11241100x8000000000000000527768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ef504692f88092021-12-21 11:25:11.696root 11241100x8000000000000000527769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc5717743cf02672021-12-21 11:25:11.696root 11241100x8000000000000000527770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25600511861a56a2021-12-21 11:25:11.696root 11241100x8000000000000000527771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db43f7a57755bf872021-12-21 11:25:11.696root 11241100x8000000000000000527772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064076ce1fd6df512021-12-21 11:25:11.696root 11241100x8000000000000000527773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5227ef52cf74ab8d2021-12-21 11:25:11.696root 11241100x8000000000000000527774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312a9773d5d2b2c92021-12-21 11:25:11.696root 11241100x8000000000000000527775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421bb3ee9a6805322021-12-21 11:25:12.193root 11241100x8000000000000000527776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee30a75f995af142021-12-21 11:25:12.194root 11241100x8000000000000000527777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51945958a6c35f272021-12-21 11:25:12.194root 11241100x8000000000000000527778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a1e81a5f54600d2021-12-21 11:25:12.194root 11241100x8000000000000000527779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a111b07fee324bb2021-12-21 11:25:12.194root 11241100x8000000000000000527780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6444722b5b0e213c2021-12-21 11:25:12.194root 11241100x8000000000000000527781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c669212fc65eec4f2021-12-21 11:25:12.194root 11241100x8000000000000000527782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bc276a6c8ab10f2021-12-21 11:25:12.194root 11241100x8000000000000000527783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afc6d9082dadb8a2021-12-21 11:25:12.195root 11241100x8000000000000000527784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2926ff0ac12494382021-12-21 11:25:12.195root 11241100x8000000000000000527785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d33bc66d9c0738f2021-12-21 11:25:12.195root 11241100x8000000000000000527786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eb4f6be960424c2021-12-21 11:25:12.195root 11241100x8000000000000000527787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1df6ba53718a42021-12-21 11:25:12.195root 11241100x8000000000000000527788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b2e765bd35fdf22021-12-21 11:25:12.195root 11241100x8000000000000000527789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644b5617aae25c062021-12-21 11:25:12.195root 11241100x8000000000000000527790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642dad094bfb2cba2021-12-21 11:25:12.195root 11241100x8000000000000000527791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67099260b2891dfc2021-12-21 11:25:12.195root 11241100x8000000000000000527792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea6d77a421c0f22021-12-21 11:25:12.196root 11241100x8000000000000000527793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bf1bfc11f6ee6a2021-12-21 11:25:12.196root 11241100x8000000000000000527794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4839aedb63e2818d2021-12-21 11:25:12.196root 11241100x8000000000000000527795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e865fea1d5d4ed2021-12-21 11:25:12.196root 11241100x8000000000000000527796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfb447d004f2f892021-12-21 11:25:12.196root 11241100x8000000000000000527797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd7b89b605139332021-12-21 11:25:12.196root 11241100x8000000000000000527798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76173e8193e6f2af2021-12-21 11:25:12.196root 11241100x8000000000000000527799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d148235e9b90ba4f2021-12-21 11:25:12.196root 11241100x8000000000000000527800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f41c0f2a9a45362021-12-21 11:25:12.693root 11241100x8000000000000000527801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142c90a4ddac03152021-12-21 11:25:12.694root 11241100x8000000000000000527802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847311767965be6a2021-12-21 11:25:12.694root 11241100x8000000000000000527803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4789ca521393faf22021-12-21 11:25:12.694root 11241100x8000000000000000527804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aca3a67a58b8302021-12-21 11:25:12.694root 11241100x8000000000000000527805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2e485f766b5b3b2021-12-21 11:25:12.694root 11241100x8000000000000000527806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b188ff49c20b9d6c2021-12-21 11:25:12.694root 11241100x8000000000000000527807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeab33cebe88044e2021-12-21 11:25:12.694root 11241100x8000000000000000527808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3437126d29b61fe2021-12-21 11:25:12.694root 11241100x8000000000000000527809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be792330f58bbf752021-12-21 11:25:12.694root 11241100x8000000000000000527810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53964ffa1e4dc062021-12-21 11:25:12.694root 11241100x8000000000000000527811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da883c2a7f1d56b82021-12-21 11:25:12.695root 11241100x8000000000000000527812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f84e27169bd29f2021-12-21 11:25:12.695root 11241100x8000000000000000527813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29463f217e3c5512021-12-21 11:25:12.695root 11241100x8000000000000000527814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9104518f84387352021-12-21 11:25:12.695root 11241100x8000000000000000527815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc8b33d8a9d97602021-12-21 11:25:12.695root 11241100x8000000000000000527816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0cd68c210227cf2021-12-21 11:25:12.695root 11241100x8000000000000000527817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230b0efa941f32462021-12-21 11:25:12.695root 11241100x8000000000000000527818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60414a9971e6a83c2021-12-21 11:25:12.695root 11241100x8000000000000000527819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f52febac1ffcc2021-12-21 11:25:12.695root 11241100x8000000000000000527820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9742b48e438bd4d42021-12-21 11:25:12.695root 11241100x8000000000000000527821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a8d0de3566f4be2021-12-21 11:25:12.695root 11241100x8000000000000000527822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a66d34de9f25872021-12-21 11:25:12.695root 11241100x8000000000000000527823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8619808df157ae402021-12-21 11:25:12.695root 11241100x8000000000000000527824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a23a535b215c82e2021-12-21 11:25:12.696root 11241100x8000000000000000527825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f091900b80143542021-12-21 11:25:13.193root 11241100x8000000000000000527826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fe684dfb5a88502021-12-21 11:25:13.194root 11241100x8000000000000000527827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c0a081301faf2d2021-12-21 11:25:13.194root 11241100x8000000000000000527828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bf4454d11c57b42021-12-21 11:25:13.194root 11241100x8000000000000000527829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10b3e6c2c52e48b2021-12-21 11:25:13.194root 11241100x8000000000000000527830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aa8aca7a4cf02e2021-12-21 11:25:13.194root 11241100x8000000000000000527831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebafc14e6f14f962021-12-21 11:25:13.194root 11241100x8000000000000000527832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6828efadeb1e5fb82021-12-21 11:25:13.194root 11241100x8000000000000000527833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b54a1c0c5be3572021-12-21 11:25:13.194root 11241100x8000000000000000527834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abb84783214d00b2021-12-21 11:25:13.194root 11241100x8000000000000000527835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd07cf23e0278a962021-12-21 11:25:13.194root 11241100x8000000000000000527836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc41f314e81ab742021-12-21 11:25:13.194root 11241100x8000000000000000527837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8641f7e6198da2021-12-21 11:25:13.194root 11241100x8000000000000000527838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf83b3aa8f284ee02021-12-21 11:25:13.194root 11241100x8000000000000000527839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230afb6ccfbd5e092021-12-21 11:25:13.194root 11241100x8000000000000000527840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df421194bc57716c2021-12-21 11:25:13.194root 11241100x8000000000000000527841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c89028dbc80a9d52021-12-21 11:25:13.195root 11241100x8000000000000000527842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7604ef326bf4052021-12-21 11:25:13.195root 11241100x8000000000000000527843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3802fcfd253ade982021-12-21 11:25:13.195root 11241100x8000000000000000527844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06ab5363f4343062021-12-21 11:25:13.195root 11241100x8000000000000000527845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb62474071d96542021-12-21 11:25:13.195root 11241100x8000000000000000527846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7776325622c83b802021-12-21 11:25:13.195root 11241100x8000000000000000527847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8597558574cd40092021-12-21 11:25:13.195root 11241100x8000000000000000527848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ae867fb19136232021-12-21 11:25:13.195root 11241100x8000000000000000527849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30641765a9c75f62021-12-21 11:25:13.195root 11241100x8000000000000000527850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d25d0853b334302021-12-21 11:25:13.693root 11241100x8000000000000000527851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a687708a2bc011f12021-12-21 11:25:13.694root 11241100x8000000000000000527852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f09a1f5336f5f532021-12-21 11:25:13.694root 11241100x8000000000000000527853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e100ae6c14ab84952021-12-21 11:25:13.694root 11241100x8000000000000000527854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64368170a25f34c2021-12-21 11:25:13.694root 11241100x8000000000000000527855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89f41be06c4eb9c2021-12-21 11:25:13.694root 11241100x8000000000000000527856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc250730e161d6b82021-12-21 11:25:13.694root 11241100x8000000000000000527857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6200b5c378beb3492021-12-21 11:25:13.694root 11241100x8000000000000000527858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f28128674158b422021-12-21 11:25:13.694root 11241100x8000000000000000527859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965eed18ed6d4e132021-12-21 11:25:13.694root 11241100x8000000000000000527860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc6c264295b7312021-12-21 11:25:13.694root 11241100x8000000000000000527861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750ab84beeb7d5d02021-12-21 11:25:13.695root 11241100x8000000000000000527862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576b1ea9780a58732021-12-21 11:25:13.695root 11241100x8000000000000000527863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cabab59b15e820f2021-12-21 11:25:13.695root 11241100x8000000000000000527864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e04a85f5e3c5e02021-12-21 11:25:13.695root 11241100x8000000000000000527865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8122c630ff351af62021-12-21 11:25:13.695root 11241100x8000000000000000527866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2deff4b973c3e72021-12-21 11:25:13.695root 11241100x8000000000000000527867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29eb5de77486c482021-12-21 11:25:13.695root 11241100x8000000000000000527868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85180ca10bc391372021-12-21 11:25:13.695root 11241100x8000000000000000527869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c2b5f0a4a0d7542021-12-21 11:25:13.696root 11241100x8000000000000000527870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8897f0a9a333eca2021-12-21 11:25:13.696root 11241100x8000000000000000527871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc7d5e9a4c0a1d2021-12-21 11:25:13.696root 11241100x8000000000000000527872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e295347831f57dd52021-12-21 11:25:13.696root 11241100x8000000000000000527873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d61d3c6a4b43a02021-12-21 11:25:13.696root 11241100x8000000000000000527874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1babc7b595b3ea2a2021-12-21 11:25:13.697root 154100x8000000000000000527875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.873{ec2b6afe-b999-61c1-68e4-cfe4f4550000}9863/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000527876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.882{ec2b6afe-b999-61c1-68e4-cfe4f4550000}9863/bin/psroot 11241100x8000000000000000527877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aab69c7d73596f2021-12-21 11:25:14.193root 11241100x8000000000000000527878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee06d72fe05034ce2021-12-21 11:25:14.194root 11241100x8000000000000000527879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6fea2f2d0372542021-12-21 11:25:14.194root 11241100x8000000000000000527880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb22541d1b563632021-12-21 11:25:14.194root 11241100x8000000000000000527881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667443c290fecbc32021-12-21 11:25:14.194root 11241100x8000000000000000527882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3ea3c71cdde85a2021-12-21 11:25:14.194root 11241100x8000000000000000527883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca65ddb61ffe4ff2021-12-21 11:25:14.194root 11241100x8000000000000000527884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e331594209040a82021-12-21 11:25:14.194root 11241100x8000000000000000527885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121e63f705bde2e72021-12-21 11:25:14.194root 11241100x8000000000000000527886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279cd0b8742f3c2c2021-12-21 11:25:14.194root 11241100x8000000000000000527887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97191ceaa27ea5df2021-12-21 11:25:14.194root 11241100x8000000000000000527888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f6fa1dd3eaa5392021-12-21 11:25:14.195root 11241100x8000000000000000527889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a543a2d842fcc5e2021-12-21 11:25:14.195root 11241100x8000000000000000527890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ab9d46b76f10a62021-12-21 11:25:14.195root 11241100x8000000000000000527891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e90cfa5f00c17e2021-12-21 11:25:14.195root 11241100x8000000000000000527892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd5d82d4211b9412021-12-21 11:25:14.195root 11241100x8000000000000000527893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed408f604843bb12021-12-21 11:25:14.195root 11241100x8000000000000000527894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ba87359f9e810a2021-12-21 11:25:14.195root 11241100x8000000000000000527895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cb31645d76d6c62021-12-21 11:25:14.195root 11241100x8000000000000000527896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea7eea812b2bcc22021-12-21 11:25:14.195root 11241100x8000000000000000527897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7be3de3a585c572021-12-21 11:25:14.195root 11241100x8000000000000000527898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6b9096f619c5062021-12-21 11:25:14.196root 11241100x8000000000000000527899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989cd9a24f0aef4a2021-12-21 11:25:14.196root 11241100x8000000000000000527900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dc44005bede4862021-12-21 11:25:14.196root 11241100x8000000000000000527901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7963e3f228018452021-12-21 11:25:14.196root 11241100x8000000000000000527902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f420459cecee63c22021-12-21 11:25:14.196root 11241100x8000000000000000527903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a7f22f3ef0a5442021-12-21 11:25:14.196root 11241100x8000000000000000527904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9219ea23625aa2e92021-12-21 11:25:14.693root 11241100x8000000000000000527905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf415c0baa52ea62021-12-21 11:25:14.694root 11241100x8000000000000000527906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e1d0d13069b7bb2021-12-21 11:25:14.694root 11241100x8000000000000000527907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88566fe837ad50a72021-12-21 11:25:14.694root 11241100x8000000000000000527908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b99b9ac1d2711722021-12-21 11:25:14.694root 11241100x8000000000000000527909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b84f78ef6c8e3f2021-12-21 11:25:14.694root 11241100x8000000000000000527910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545227aef34543f52021-12-21 11:25:14.694root 11241100x8000000000000000527911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07175c9d075a9f22021-12-21 11:25:14.694root 11241100x8000000000000000527912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c2b05cf02ed3ab2021-12-21 11:25:14.694root 11241100x8000000000000000527913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ac62934c39e78a2021-12-21 11:25:14.694root 11241100x8000000000000000527914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379697ce71d0cc132021-12-21 11:25:14.695root 11241100x8000000000000000527915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d857954816e361862021-12-21 11:25:14.695root 11241100x8000000000000000527916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baadbad7e7d70ee2021-12-21 11:25:14.695root 11241100x8000000000000000527917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9cc97ee136e3f42021-12-21 11:25:14.695root 11241100x8000000000000000527918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931ad1d15a8c975b2021-12-21 11:25:14.695root 11241100x8000000000000000527919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c5995cd32f976e2021-12-21 11:25:14.695root 11241100x8000000000000000527920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d013ac986b90d0682021-12-21 11:25:14.695root 11241100x8000000000000000527921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455398706e00af022021-12-21 11:25:14.696root 11241100x8000000000000000527922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff4a05409f688c72021-12-21 11:25:14.696root 11241100x8000000000000000527923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3f5e8d93273262021-12-21 11:25:14.696root 11241100x8000000000000000527924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c80af93ab678d32021-12-21 11:25:14.696root 11241100x8000000000000000527925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6887e8e5f7d03fe2021-12-21 11:25:14.697root 11241100x8000000000000000527926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d697d8fce637d6792021-12-21 11:25:14.697root 11241100x8000000000000000527927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a270dff4b778bf812021-12-21 11:25:14.697root 11241100x8000000000000000527928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d55c2519a12a0f2021-12-21 11:25:14.697root 11241100x8000000000000000527929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f963b14b29c48322021-12-21 11:25:14.697root 11241100x8000000000000000527930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d14f17a1d964fce2021-12-21 11:25:14.697root 11241100x8000000000000000527931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da18090be3578532021-12-21 11:25:15.193root 11241100x8000000000000000527932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9880cc7c90e61c402021-12-21 11:25:15.194root 11241100x8000000000000000527933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e05a1d2c83b15792021-12-21 11:25:15.194root 11241100x8000000000000000527934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b585e1174e3fae2021-12-21 11:25:15.194root 11241100x8000000000000000527935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140480bf1f8255db2021-12-21 11:25:15.194root 11241100x8000000000000000527936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5fbfe751a6e08f2021-12-21 11:25:15.194root 11241100x8000000000000000527937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7955838fc31d952021-12-21 11:25:15.194root 11241100x8000000000000000527938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd748eb741dc94f2021-12-21 11:25:15.194root 11241100x8000000000000000527939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e84d5b000972562021-12-21 11:25:15.194root 11241100x8000000000000000527940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e30c6286394b102021-12-21 11:25:15.194root 11241100x8000000000000000527941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66df9aa4c5a4b6e42021-12-21 11:25:15.194root 11241100x8000000000000000527942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be35ed90a828e8ce2021-12-21 11:25:15.194root 11241100x8000000000000000527943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3909dc854450c42021-12-21 11:25:15.194root 11241100x8000000000000000527944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f019dc8946ad9d2021-12-21 11:25:15.194root 11241100x8000000000000000527945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e3ebb90a0179ca2021-12-21 11:25:15.194root 11241100x8000000000000000527946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575564394925d66e2021-12-21 11:25:15.195root 11241100x8000000000000000527947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa39a0832f3ec782021-12-21 11:25:15.195root 11241100x8000000000000000527948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458ac5fa10b7b8972021-12-21 11:25:15.195root 11241100x8000000000000000527949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab266ec35b94f132021-12-21 11:25:15.195root 11241100x8000000000000000527950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a538717b70eca9af2021-12-21 11:25:15.195root 11241100x8000000000000000527951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6927c7f2ba4718fc2021-12-21 11:25:15.195root 11241100x8000000000000000527952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68a874cbfb699c72021-12-21 11:25:15.195root 11241100x8000000000000000527953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f953241acb40792021-12-21 11:25:15.195root 11241100x8000000000000000527954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40507506e715c23f2021-12-21 11:25:15.195root 11241100x8000000000000000527955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdf4eda0e764c3d2021-12-21 11:25:15.195root 11241100x8000000000000000527956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a130cd4ec02b76ce2021-12-21 11:25:15.195root 11241100x8000000000000000527957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e9a63b8154d2322021-12-21 11:25:15.195root 11241100x8000000000000000527958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c65e8f5d676908f2021-12-21 11:25:15.694root 11241100x8000000000000000527959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b6f89a77724b992021-12-21 11:25:15.694root 11241100x8000000000000000527960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b98a693e5102412021-12-21 11:25:15.694root 11241100x8000000000000000527961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43eb0f78ba48fc42021-12-21 11:25:15.694root 11241100x8000000000000000527962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9fba692a013be72021-12-21 11:25:15.694root 11241100x8000000000000000527963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d3398566d4b0e42021-12-21 11:25:15.694root 11241100x8000000000000000527964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10dd00feb0f38b32021-12-21 11:25:15.694root 11241100x8000000000000000527965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71330974eb9580672021-12-21 11:25:15.694root 11241100x8000000000000000527966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458b50548e17923e2021-12-21 11:25:15.694root 11241100x8000000000000000527967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd87f4378cbad22021-12-21 11:25:15.694root 11241100x8000000000000000527968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaf54525ae700152021-12-21 11:25:15.694root 11241100x8000000000000000527969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e860cc81a539b0c22021-12-21 11:25:15.694root 11241100x8000000000000000527970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe59f1c2a44f5e2021-12-21 11:25:15.694root 11241100x8000000000000000527971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daee36b28f81c3a42021-12-21 11:25:15.694root 11241100x8000000000000000527972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b85b9aa72c61b92021-12-21 11:25:15.694root 11241100x8000000000000000527973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44018a70b773ae62021-12-21 11:25:15.695root 11241100x8000000000000000527974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07195d4628267d132021-12-21 11:25:15.695root 11241100x8000000000000000527975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbb2530dc794b882021-12-21 11:25:15.695root 11241100x8000000000000000527976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68945ef20e4a19822021-12-21 11:25:15.695root 11241100x8000000000000000527977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a08e7642f6f5a62021-12-21 11:25:15.695root 11241100x8000000000000000527978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7696089a066089d92021-12-21 11:25:15.695root 11241100x8000000000000000527979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7305f16f753335b2021-12-21 11:25:15.695root 11241100x8000000000000000527980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e34883dc1fda072021-12-21 11:25:15.695root 354300x8000000000000000528009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:22.177{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48514-false10.0.1.12-8000- 11241100x8000000000000000528010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0a489d83e3af772021-12-21 11:25:22.442root 11241100x8000000000000000528011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fded3b51163f4a2f2021-12-21 11:25:22.942root 11241100x8000000000000000528012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3416750d93a35f22021-12-21 11:25:23.442root 11241100x8000000000000000528013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af125cbbd46860792021-12-21 11:25:23.942root 11241100x8000000000000000528014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb56f157bccfff112021-12-21 11:25:24.442root 11241100x8000000000000000528015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a906ff230f9011662021-12-21 11:25:24.942root 11241100x8000000000000000528016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fdadb373f2b5382021-12-21 11:25:25.442root 354300x8000000000000000528017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:25.449{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35580-false10.0.1.12-8089- 11241100x8000000000000000528018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3491d69254d6645e2021-12-21 11:25:25.942root 11241100x8000000000000000528019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781b7cb9e4b14f072021-12-21 11:25:25.943root 11241100x8000000000000000528020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e729433dd503bb2021-12-21 11:25:26.442root 11241100x8000000000000000528021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695b69a675e655b42021-12-21 11:25:26.442root 11241100x8000000000000000528022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285645ecb1a591322021-12-21 11:25:26.942root 11241100x8000000000000000528023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddb70c53ae73bd82021-12-21 11:25:26.943root 354300x8000000000000000528024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.258{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48518-false10.0.1.12-8000- 11241100x8000000000000000528025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc297d49982cc3652021-12-21 11:25:27.259root 11241100x8000000000000000528026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c494945863e9b07d2021-12-21 11:25:27.259root 11241100x8000000000000000528027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2713c2b88b3794fe2021-12-21 11:25:27.692root 11241100x8000000000000000528028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224bfdc93eb610902021-12-21 11:25:27.693root 11241100x8000000000000000528029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137739f3e9bdbfbd2021-12-21 11:25:27.693root 11241100x8000000000000000528030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e89f5f1c829462021-12-21 11:25:28.192root 11241100x8000000000000000528031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5a8e3974d11de52021-12-21 11:25:28.193root 11241100x8000000000000000528032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4f51e75bbfb6852021-12-21 11:25:28.193root 11241100x8000000000000000528033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353f6d28f7f57a782021-12-21 11:25:28.692root 11241100x8000000000000000528034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9782ef9da0767c2021-12-21 11:25:28.693root 11241100x8000000000000000528035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d379d5dc395e7942021-12-21 11:25:28.693root 11241100x8000000000000000528036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4173c189d5238df2021-12-21 11:25:29.192root 11241100x8000000000000000528037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d787cb0b9bf58b832021-12-21 11:25:29.193root 11241100x8000000000000000528038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7060815aba6fc72021-12-21 11:25:29.193root 11241100x8000000000000000528039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f49c0d1d58788b2021-12-21 11:25:29.692root 11241100x8000000000000000528040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197f912bdbc39bd22021-12-21 11:25:29.693root 11241100x8000000000000000528041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674dd31fb147205f2021-12-21 11:25:29.693root 11241100x8000000000000000528042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d440c2971cdce552021-12-21 11:25:30.192root 11241100x8000000000000000528043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6720cedf7861b10a2021-12-21 11:25:30.193root 11241100x8000000000000000528044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c32410f627c1c2021-12-21 11:25:30.193root 11241100x8000000000000000528045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c803538b1cddc72021-12-21 11:25:30.692root 11241100x8000000000000000528046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fc3138d64c52882021-12-21 11:25:30.693root 11241100x8000000000000000528047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c11ea1fcda181b72021-12-21 11:25:30.693root 11241100x8000000000000000528048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de28ff8fb751f502021-12-21 11:25:31.192root 11241100x8000000000000000528049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838239b935db97942021-12-21 11:25:31.193root 11241100x8000000000000000528050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473804f16d4fdac42021-12-21 11:25:31.193root 11241100x8000000000000000528051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6001dc42ed2faab02021-12-21 11:25:31.692root 11241100x8000000000000000528052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb85158e4c3666cf2021-12-21 11:25:31.693root 11241100x8000000000000000528053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e868f3cc5cb2bba12021-12-21 11:25:31.693root 11241100x8000000000000000528054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149637ea9332313c2021-12-21 11:25:32.192root 11241100x8000000000000000528055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a498dddc712158822021-12-21 11:25:32.193root 11241100x8000000000000000528056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b621436a16cc6832021-12-21 11:25:32.193root 11241100x8000000000000000528057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63489cdafb1a7072021-12-21 11:25:32.692root 11241100x8000000000000000528058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94beb484f18f3a412021-12-21 11:25:32.693root 11241100x8000000000000000528059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0faefa1111f37c2021-12-21 11:25:32.693root 354300x8000000000000000528060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.166{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48520-false10.0.1.12-8000- 11241100x8000000000000000528061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13748fd93c9f5582021-12-21 11:25:33.166root 11241100x8000000000000000528062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fdcc45c1d063572021-12-21 11:25:33.167root 11241100x8000000000000000528063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3306ea62f3ae6ca2021-12-21 11:25:33.167root 11241100x8000000000000000528064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f81c922437465d42021-12-21 11:25:33.167root 11241100x8000000000000000528065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9a6b040417a18f2021-12-21 11:25:33.442root 11241100x8000000000000000528066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4730548c81eb002021-12-21 11:25:33.443root 11241100x8000000000000000528067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1669a7d78dc3ce32021-12-21 11:25:33.443root 11241100x8000000000000000528068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82100f0a6c755ad2021-12-21 11:25:33.443root 11241100x8000000000000000528069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178703cd30acf6412021-12-21 11:25:33.942root 11241100x8000000000000000528070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec4bf3b61710e872021-12-21 11:25:33.943root 11241100x8000000000000000528071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7888f0d6e8db242021-12-21 11:25:33.943root 11241100x8000000000000000528072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcfd05e30b76ba32021-12-21 11:25:33.943root 11241100x8000000000000000528073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a53ae3e2e06fb672021-12-21 11:25:34.443root 11241100x8000000000000000528074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc996ee8f4e38c2021-12-21 11:25:34.443root 11241100x8000000000000000528075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1341334ff02474f2021-12-21 11:25:34.443root 11241100x8000000000000000528076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5348a22fb84f78592021-12-21 11:25:34.443root 11241100x8000000000000000528077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2769f51355154c9d2021-12-21 11:25:34.942root 11241100x8000000000000000528078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec8d0816c923b912021-12-21 11:25:34.943root 11241100x8000000000000000528079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839e0d40f4e2a0d12021-12-21 11:25:34.943root 11241100x8000000000000000528080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cc0d20d6fa58d52021-12-21 11:25:34.943root 11241100x8000000000000000528081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b50ea6d9306a202021-12-21 11:25:35.442root 11241100x8000000000000000528082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96acb397b2ae2ad22021-12-21 11:25:35.443root 11241100x8000000000000000528083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affa46eeb8023a0d2021-12-21 11:25:35.443root 11241100x8000000000000000528084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9399318c5beb182021-12-21 11:25:35.443root 11241100x8000000000000000528085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e841aaa200b574882021-12-21 11:25:35.942root 11241100x8000000000000000528086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfaf572c6691c182021-12-21 11:25:35.943root 11241100x8000000000000000528087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9163ea3f2d417d52021-12-21 11:25:35.943root 11241100x8000000000000000528088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb496e31bea62a32021-12-21 11:25:35.943root 11241100x8000000000000000528089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:25:36.328root 11241100x8000000000000000528090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa76ad71e0aacdc2021-12-21 11:25:36.329root 11241100x8000000000000000528091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e91fbb91d66bf92021-12-21 11:25:36.329root 11241100x8000000000000000528092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5be1f3694529982021-12-21 11:25:36.329root 11241100x8000000000000000528093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79827e7c794f9b292021-12-21 11:25:36.329root 11241100x8000000000000000528094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7b6c54754070132021-12-21 11:25:36.329root 11241100x8000000000000000528095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142407d786520c0a2021-12-21 11:25:36.693root 11241100x8000000000000000528096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0dfaead26c14832021-12-21 11:25:36.693root 11241100x8000000000000000528097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43daae48a1a3bfea2021-12-21 11:25:36.693root 11241100x8000000000000000528098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e651795aae01652021-12-21 11:25:36.693root 11241100x8000000000000000528099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c879632b53b00412021-12-21 11:25:36.693root 11241100x8000000000000000528100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a77ec8af273b822021-12-21 11:25:37.193root 11241100x8000000000000000528101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f98742c550bd6152021-12-21 11:25:37.193root 11241100x8000000000000000528102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb309fafd0f5eec2021-12-21 11:25:37.193root 11241100x8000000000000000528103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2f689b770c3e622021-12-21 11:25:37.193root 11241100x8000000000000000528104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b39c0753481b52021-12-21 11:25:37.193root 11241100x8000000000000000528105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b081facdbf112992021-12-21 11:25:37.693root 11241100x8000000000000000528106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1916a02e82e176672021-12-21 11:25:37.693root 11241100x8000000000000000528107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b98d3ea72194bca2021-12-21 11:25:37.693root 11241100x8000000000000000528108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5babdf72072b063b2021-12-21 11:25:37.693root 11241100x8000000000000000528109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60c7f8c025ae11e2021-12-21 11:25:37.693root 11241100x8000000000000000528110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d6ea571e5e13c42021-12-21 11:25:38.193root 11241100x8000000000000000528111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43866c76e45180e2021-12-21 11:25:38.193root 11241100x8000000000000000528112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7510e00bc54929a2021-12-21 11:25:38.193root 11241100x8000000000000000528113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e15b33a8ba19092021-12-21 11:25:38.193root 11241100x8000000000000000528114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4665b687132b39d2021-12-21 11:25:38.193root 354300x8000000000000000528115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.252{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48522-false10.0.1.12-8000- 11241100x8000000000000000528116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12d8a46785dc1c2021-12-21 11:25:38.693root 11241100x8000000000000000528117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211f431a0ff1f2c32021-12-21 11:25:38.693root 11241100x8000000000000000528118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26d9d81131c50312021-12-21 11:25:38.693root 11241100x8000000000000000528119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb1f347204d48a12021-12-21 11:25:38.693root 11241100x8000000000000000528120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabe815e43739e982021-12-21 11:25:38.693root 11241100x8000000000000000528121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa462a663495e362021-12-21 11:25:38.693root 11241100x8000000000000000528122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62134aca3a2d4e842021-12-21 11:25:39.193root 11241100x8000000000000000528123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36b5d220197ae102021-12-21 11:25:39.193root 11241100x8000000000000000528124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe48a84f2a2caab2021-12-21 11:25:39.193root 11241100x8000000000000000528125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae5c27f925790af2021-12-21 11:25:39.193root 11241100x8000000000000000528126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe58c8e76d7a7a8e2021-12-21 11:25:39.193root 11241100x8000000000000000528127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7430ce79a7c163162021-12-21 11:25:39.193root 23542300x8000000000000000528128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000528129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f643c49daa4bf3272021-12-21 11:25:39.693root 11241100x8000000000000000528130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547e1e2e8cd74b322021-12-21 11:25:39.693root 11241100x8000000000000000528131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69da09d63be9f702021-12-21 11:25:39.693root 11241100x8000000000000000528132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff1f2e526fb25da2021-12-21 11:25:39.693root 11241100x8000000000000000528133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e515dd5e3dc2442021-12-21 11:25:39.693root 11241100x8000000000000000528134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3241c5da208dd3112021-12-21 11:25:39.693root 11241100x8000000000000000528135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac439874fceba4f2021-12-21 11:25:39.693root 11241100x8000000000000000528136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52427bd0a17c8bbb2021-12-21 11:25:40.193root 11241100x8000000000000000528137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a51f22328deb4f2021-12-21 11:25:40.193root 11241100x8000000000000000528138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d3bc5b5fbd55602021-12-21 11:25:40.193root 11241100x8000000000000000528139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6459e09dc5efe9682021-12-21 11:25:40.193root 11241100x8000000000000000528140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c6d691b568e02a2021-12-21 11:25:40.193root 11241100x8000000000000000528141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67a8acddb273f742021-12-21 11:25:40.193root 11241100x8000000000000000528142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88dd15b1f0a12612021-12-21 11:25:40.193root 11241100x8000000000000000528143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3806fb9aa2c197f22021-12-21 11:25:40.693root 11241100x8000000000000000528144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d166bba37946f392021-12-21 11:25:40.693root 11241100x8000000000000000528145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1045efb55739227b2021-12-21 11:25:40.693root 11241100x8000000000000000528146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba4affe610119a32021-12-21 11:25:40.693root 11241100x8000000000000000528147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da66400238353db2021-12-21 11:25:40.693root 11241100x8000000000000000528148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45d5a0af84732d62021-12-21 11:25:40.693root 11241100x8000000000000000528149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277f620bce69fa6f2021-12-21 11:25:40.693root 11241100x8000000000000000528150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652701e321a8990f2021-12-21 11:25:41.193root 11241100x8000000000000000528151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35a6d4bf691d5d42021-12-21 11:25:41.193root 11241100x8000000000000000528152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171a74f962f3066f2021-12-21 11:25:41.193root 11241100x8000000000000000528153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57df2d17dd32f4312021-12-21 11:25:41.193root 11241100x8000000000000000528154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f325bb6ce615b32021-12-21 11:25:41.193root 11241100x8000000000000000528155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e32b426147ed92021-12-21 11:25:41.193root 11241100x8000000000000000528156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1ae3f9e10e59902021-12-21 11:25:41.193root 11241100x8000000000000000528157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b517de00c39b792021-12-21 11:25:41.693root 11241100x8000000000000000528158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2b2cecab2dd3842021-12-21 11:25:41.693root 11241100x8000000000000000528159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd548f61006d8072021-12-21 11:25:41.693root 11241100x8000000000000000528160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ee6f114ffb24a72021-12-21 11:25:41.693root 11241100x8000000000000000528161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31531de95e1eba382021-12-21 11:25:41.693root 11241100x8000000000000000528162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871212c4dbe9a73c2021-12-21 11:25:41.693root 11241100x8000000000000000528163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd82bb875354c002021-12-21 11:25:41.693root 11241100x8000000000000000528164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44384eabc7d233532021-12-21 11:25:42.193root 11241100x8000000000000000528165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8a394eb301e2382021-12-21 11:25:42.194root 11241100x8000000000000000528166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83522e4d12fe490d2021-12-21 11:25:42.194root 11241100x8000000000000000528167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e1cd928d56bb9c2021-12-21 11:25:42.194root 11241100x8000000000000000528168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9244c280379256a92021-12-21 11:25:42.194root 11241100x8000000000000000528169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ba7cbabbab6e812021-12-21 11:25:42.194root 11241100x8000000000000000528170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0b6bdd948515e2021-12-21 11:25:42.195root 11241100x8000000000000000528171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3431e6c32dde27572021-12-21 11:25:42.692root 11241100x8000000000000000528172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632f44ef4542dc682021-12-21 11:25:42.693root 11241100x8000000000000000528173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff041fedfdaec3a2021-12-21 11:25:42.693root 11241100x8000000000000000528174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de85565a29a10b72021-12-21 11:25:42.693root 11241100x8000000000000000528175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1cbbb4a6d976322021-12-21 11:25:42.693root 11241100x8000000000000000528176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983c9c43db15da8d2021-12-21 11:25:42.693root 11241100x8000000000000000528177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a008ba92d4e4032021-12-21 11:25:42.693root 11241100x8000000000000000528178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ffbf88700acfcb2021-12-21 11:25:43.193root 11241100x8000000000000000528179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b52321847006f92021-12-21 11:25:43.193root 11241100x8000000000000000528180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8f0e0b590755132021-12-21 11:25:43.193root 11241100x8000000000000000528181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9855498c46c43f372021-12-21 11:25:43.193root 11241100x8000000000000000528182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7287e37953ee208c2021-12-21 11:25:43.193root 11241100x8000000000000000528183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f291357c506c8fba2021-12-21 11:25:43.193root 11241100x8000000000000000528184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310a1e1c4009568b2021-12-21 11:25:43.193root 11241100x8000000000000000528185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe10390a79a45512021-12-21 11:25:43.693root 11241100x8000000000000000528186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee441b26a3da5ad2021-12-21 11:25:43.693root 11241100x8000000000000000528187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a364d19bd32c47b72021-12-21 11:25:43.693root 11241100x8000000000000000528188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f570e1d99aaee722021-12-21 11:25:43.693root 11241100x8000000000000000528189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a621ff3a09ee75ff2021-12-21 11:25:43.693root 11241100x8000000000000000528190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e749057363382652021-12-21 11:25:43.693root 11241100x8000000000000000528191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e201b6819bf3f5472021-12-21 11:25:43.693root 11241100x8000000000000000528192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6ac6427f825af62021-12-21 11:25:44.193root 11241100x8000000000000000528193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ad033327c32dc2021-12-21 11:25:44.193root 11241100x8000000000000000528194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37659924665df102021-12-21 11:25:44.193root 11241100x8000000000000000528195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f445e48a8bb8c672021-12-21 11:25:44.193root 11241100x8000000000000000528196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176be57c9135b7b72021-12-21 11:25:44.193root 11241100x8000000000000000528197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc7b22f75823a4d2021-12-21 11:25:44.193root 11241100x8000000000000000528198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc574d1aa78681d42021-12-21 11:25:44.193root 354300x8000000000000000528199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.227{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48524-false10.0.1.12-8000- 11241100x8000000000000000528200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecca87899e518422021-12-21 11:25:44.693root 11241100x8000000000000000528201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a097f80d12991172021-12-21 11:25:44.693root 11241100x8000000000000000528202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e329cde8f799f8d82021-12-21 11:25:44.693root 11241100x8000000000000000528203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954c63151bb2ca2f2021-12-21 11:25:44.693root 11241100x8000000000000000528204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead8ec02dd6337b02021-12-21 11:25:44.693root 11241100x8000000000000000528205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cca03d6fae74a562021-12-21 11:25:44.694root 11241100x8000000000000000528206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dba7d58d10653df2021-12-21 11:25:44.694root 11241100x8000000000000000528207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f458ce0dec8a8e2021-12-21 11:25:44.694root 11241100x8000000000000000528208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1158c3697e660ef02021-12-21 11:25:45.193root 11241100x8000000000000000528209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b7a5d7b3d275bd2021-12-21 11:25:45.193root 11241100x8000000000000000528210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73796ceaa20e41fe2021-12-21 11:25:45.193root 11241100x8000000000000000528211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93954434c5785bd2021-12-21 11:25:45.193root 11241100x8000000000000000528212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498c58b48691cdb72021-12-21 11:25:45.193root 11241100x8000000000000000528213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605375dae1a5e6942021-12-21 11:25:45.193root 11241100x8000000000000000528214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9334d7cee46cc82021-12-21 11:25:45.193root 11241100x8000000000000000528215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac195a36039c4342021-12-21 11:25:45.193root 11241100x8000000000000000528216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa43ae7f646d2da2021-12-21 11:25:45.693root 11241100x8000000000000000528217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e50d8069e832c32021-12-21 11:25:45.693root 11241100x8000000000000000528218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f1c9748b65f8ca2021-12-21 11:25:45.693root 11241100x8000000000000000528219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a061bddd4b4a342021-12-21 11:25:45.693root 11241100x8000000000000000528220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d7cd8fcc74127a2021-12-21 11:25:45.693root 11241100x8000000000000000528221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a79d95aa5a374992021-12-21 11:25:45.693root 11241100x8000000000000000528222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b6362ab843f6b72021-12-21 11:25:45.693root 11241100x8000000000000000528223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d65a4457fadb31d2021-12-21 11:25:45.693root 11241100x8000000000000000528224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08416669f979b4b2021-12-21 11:25:46.193root 11241100x8000000000000000528225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a6607111b281d82021-12-21 11:25:46.193root 11241100x8000000000000000528226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51aebef8349024a2021-12-21 11:25:46.193root 11241100x8000000000000000528227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84ff2073899c7f42021-12-21 11:25:46.193root 11241100x8000000000000000528228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240e5aca1d61846e2021-12-21 11:25:46.193root 11241100x8000000000000000528229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35311886f62928bf2021-12-21 11:25:46.193root 11241100x8000000000000000528230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375bd64137663d652021-12-21 11:25:46.193root 11241100x8000000000000000528231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89328af15d0318652021-12-21 11:25:46.193root 11241100x8000000000000000528232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4a63e6730fc58b2021-12-21 11:25:46.693root 11241100x8000000000000000528233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca6e17d315af4132021-12-21 11:25:46.693root 11241100x8000000000000000528234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12769d1afb28ee302021-12-21 11:25:46.693root 11241100x8000000000000000528235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e13ed4367a4ce732021-12-21 11:25:46.693root 11241100x8000000000000000528236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680adee0e140f9542021-12-21 11:25:46.693root 11241100x8000000000000000528237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eb0ba9051b00c72021-12-21 11:25:46.694root 11241100x8000000000000000528238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1af843f8ea1962021-12-21 11:25:46.694root 11241100x8000000000000000528239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166d1ae99c7f6ced2021-12-21 11:25:46.694root 11241100x8000000000000000528240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7c091222cbbf7f2021-12-21 11:25:47.193root 11241100x8000000000000000528241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb27d0fec69ae2f2021-12-21 11:25:47.193root 11241100x8000000000000000528242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418273b42121f8f02021-12-21 11:25:47.193root 11241100x8000000000000000528243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f95831d25323462021-12-21 11:25:47.193root 11241100x8000000000000000528244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1881e6b2cbb96ccc2021-12-21 11:25:47.193root 11241100x8000000000000000528245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc5ffa291b38b902021-12-21 11:25:47.193root 11241100x8000000000000000528246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa29fb04b6b991862021-12-21 11:25:47.193root 11241100x8000000000000000528247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765aefa0c7b50fa2021-12-21 11:25:47.193root 11241100x8000000000000000528248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea8a2328bf55232021-12-21 11:25:47.692root 11241100x8000000000000000528249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed5207d94fda5212021-12-21 11:25:47.693root 11241100x8000000000000000528250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe4cfc1b1a207d2021-12-21 11:25:47.693root 11241100x8000000000000000528251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5578ba4d26cc452021-12-21 11:25:47.693root 11241100x8000000000000000528252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351425354fe91bfa2021-12-21 11:25:47.693root 11241100x8000000000000000528253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68293242747e8172021-12-21 11:25:47.693root 11241100x8000000000000000528254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb27bc4f0c30bdd32021-12-21 11:25:47.693root 11241100x8000000000000000528255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f55c3834c8a762e2021-12-21 11:25:47.693root 11241100x8000000000000000528256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53223596d5517d612021-12-21 11:25:48.193root 11241100x8000000000000000528257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bf3f6deaf413402021-12-21 11:25:48.193root 11241100x8000000000000000528258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4026109c9510b1302021-12-21 11:25:48.193root 11241100x8000000000000000528259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d528de5bbc564ba62021-12-21 11:25:48.193root 11241100x8000000000000000528260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cdb340151aeae92021-12-21 11:25:48.193root 11241100x8000000000000000528261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38784905952a75cf2021-12-21 11:25:48.193root 11241100x8000000000000000528262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9bd4ce6da64c292021-12-21 11:25:48.193root 11241100x8000000000000000528263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8bf26e45f9f5572021-12-21 11:25:48.193root 11241100x8000000000000000528264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6500e09d00eb3d0a2021-12-21 11:25:48.693root 11241100x8000000000000000528265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4919b118ddb4bc8f2021-12-21 11:25:48.693root 11241100x8000000000000000528266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ad5eaf2845f3d32021-12-21 11:25:48.693root 11241100x8000000000000000528267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ae3b849b1b8ee52021-12-21 11:25:48.693root 11241100x8000000000000000528268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a053fd19cd2f522021-12-21 11:25:48.693root 11241100x8000000000000000528269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb08cd7e4a80d73b2021-12-21 11:25:48.693root 11241100x8000000000000000528270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda112991fb975622021-12-21 11:25:48.693root 11241100x8000000000000000528271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c644bc6703ac3bb2021-12-21 11:25:48.693root 11241100x8000000000000000528272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38226c4a9dc062b2021-12-21 11:25:49.193root 11241100x8000000000000000528273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76873b7a3ffb1f1b2021-12-21 11:25:49.193root 11241100x8000000000000000528274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cc6ac855bfc5282021-12-21 11:25:49.193root 11241100x8000000000000000528275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e184e2d4e2cf06662021-12-21 11:25:49.193root 11241100x8000000000000000528276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0179e603824281f52021-12-21 11:25:49.193root 11241100x8000000000000000528277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64316cfcd62143f2021-12-21 11:25:49.194root 11241100x8000000000000000528278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7ded92554bcf22021-12-21 11:25:49.194root 11241100x8000000000000000528279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ea426bb6d826962021-12-21 11:25:49.194root 11241100x8000000000000000528280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb61b155ad307892021-12-21 11:25:49.693root 11241100x8000000000000000528281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba023efab4988402021-12-21 11:25:49.693root 11241100x8000000000000000528282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223341db79c8dab02021-12-21 11:25:49.693root 11241100x8000000000000000528283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4263279a67ca8362021-12-21 11:25:49.693root 11241100x8000000000000000528284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f59f47d1f4fac62021-12-21 11:25:49.693root 11241100x8000000000000000528285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4013f6c5d6e1c22021-12-21 11:25:49.693root 11241100x8000000000000000528286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103ee7e2a43e2e4f2021-12-21 11:25:49.693root 11241100x8000000000000000528287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d916b29dba9a492021-12-21 11:25:49.693root 354300x8000000000000000528288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.036{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48526-false10.0.1.12-8000- 11241100x8000000000000000528289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e21948bc99b4fa2021-12-21 11:25:50.038root 11241100x8000000000000000528290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0092be2332c68a12021-12-21 11:25:50.038root 11241100x8000000000000000528291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7520308eaed9b4272021-12-21 11:25:50.038root 11241100x8000000000000000528292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6460962a2d45c88a2021-12-21 11:25:50.038root 11241100x8000000000000000528293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0857a29e46ab0ae2021-12-21 11:25:50.038root 11241100x8000000000000000528294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b77e4fde0fef4262021-12-21 11:25:50.038root 11241100x8000000000000000528295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec2539f66bfbb692021-12-21 11:25:50.038root 11241100x8000000000000000528296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad97e25f962c49ef2021-12-21 11:25:50.038root 11241100x8000000000000000528297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a59f4ffdb5793e2021-12-21 11:25:50.038root 11241100x8000000000000000528298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a1b86ace2c14062021-12-21 11:25:50.443root 11241100x8000000000000000528299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b49a19f0a6c7eff2021-12-21 11:25:50.443root 11241100x8000000000000000528300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4df2e69a4757262021-12-21 11:25:50.443root 11241100x8000000000000000528301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12252ab537ffd6c2021-12-21 11:25:50.443root 11241100x8000000000000000528302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9adcf3dcab8f3e82021-12-21 11:25:50.444root 11241100x8000000000000000528303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fcf0dd85d852062021-12-21 11:25:50.444root 11241100x8000000000000000528304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbb6888b1e08f432021-12-21 11:25:50.444root 11241100x8000000000000000528305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd1fc9cde52df372021-12-21 11:25:50.444root 11241100x8000000000000000528306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6792d9e78ee47c2021-12-21 11:25:50.444root 11241100x8000000000000000528307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5caa5027633ba7de2021-12-21 11:25:50.943root 11241100x8000000000000000528308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62646c6ed73d907e2021-12-21 11:25:50.943root 11241100x8000000000000000528309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9598cbd7fbd3472021-12-21 11:25:50.943root 11241100x8000000000000000528310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d27ef8e5c699f12021-12-21 11:25:50.943root 11241100x8000000000000000528311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3e7188262375a42021-12-21 11:25:50.943root 11241100x8000000000000000528312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964d93b1ccddc362021-12-21 11:25:50.943root 11241100x8000000000000000528313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332ce9cf227e6cdc2021-12-21 11:25:50.943root 11241100x8000000000000000528314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591b2ac7aeb045ed2021-12-21 11:25:50.943root 11241100x8000000000000000528315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ca0a55403d8fba2021-12-21 11:25:50.943root 11241100x8000000000000000528316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2e216aa2176e912021-12-21 11:25:51.443root 11241100x8000000000000000528317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fc6aabd012cb332021-12-21 11:25:51.443root 11241100x8000000000000000528318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1788b388a465dc642021-12-21 11:25:51.443root 11241100x8000000000000000528319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f6a8f84f2f64e32021-12-21 11:25:51.443root 11241100x8000000000000000528320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adee16728ab886b2021-12-21 11:25:51.443root 11241100x8000000000000000528321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888566d5699673cf2021-12-21 11:25:51.443root 11241100x8000000000000000528322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c7ffbccdbfd84b2021-12-21 11:25:51.443root 11241100x8000000000000000528323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e487b7b6170632802021-12-21 11:25:51.443root 11241100x8000000000000000528324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069e6215336801be2021-12-21 11:25:51.443root 11241100x8000000000000000528325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695d91c69ec58e2e2021-12-21 11:25:51.943root 11241100x8000000000000000528326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c40e7b346c7cb22021-12-21 11:25:51.943root 11241100x8000000000000000528327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09322f7c01d51c882021-12-21 11:25:51.943root 11241100x8000000000000000528328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8927ae92dbe5c5582021-12-21 11:25:51.943root 11241100x8000000000000000528329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575cc21677ccb9cf2021-12-21 11:25:51.943root 11241100x8000000000000000528330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28adc987ef2bfd0c2021-12-21 11:25:51.943root 11241100x8000000000000000528331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cdb51c919557732021-12-21 11:25:51.943root 11241100x8000000000000000528332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b44afcac342c252021-12-21 11:25:51.943root 11241100x8000000000000000528333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44b364cc0c1244b2021-12-21 11:25:51.943root 11241100x8000000000000000528334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b829e7e882937552021-12-21 11:25:52.442root 11241100x8000000000000000528335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edc763c53b753822021-12-21 11:25:52.443root 11241100x8000000000000000528336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5d12eb4d3177782021-12-21 11:25:52.443root 11241100x8000000000000000528337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105254b77c6dd0262021-12-21 11:25:52.443root 11241100x8000000000000000528338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dde5c58990f1e182021-12-21 11:25:52.443root 11241100x8000000000000000528339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b41d358ed6ab3f2021-12-21 11:25:52.444root 11241100x8000000000000000528340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5739de155cc60cbe2021-12-21 11:25:52.444root 11241100x8000000000000000528341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b449b85999358e7b2021-12-21 11:25:52.444root 11241100x8000000000000000528342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d15b10f2f9435af2021-12-21 11:25:52.444root 11241100x8000000000000000528343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8452451d98800c592021-12-21 11:25:52.943root 11241100x8000000000000000528344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b7bdc293e3ccab2021-12-21 11:25:52.943root 11241100x8000000000000000528345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367a1fdc504639462021-12-21 11:25:52.943root 11241100x8000000000000000528346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a21d92814284aa22021-12-21 11:25:52.943root 11241100x8000000000000000528347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71495af50c368e952021-12-21 11:25:52.943root 11241100x8000000000000000528348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d4880bd6bcd5cd2021-12-21 11:25:52.943root 11241100x8000000000000000528349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d890a6ce8ca93c2021-12-21 11:25:52.943root 11241100x8000000000000000528350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526eaf6a8ccecd662021-12-21 11:25:52.943root 11241100x8000000000000000528351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1bb3fc5e82460b2021-12-21 11:25:52.943root 11241100x8000000000000000528352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f8a713a7c2b4c92021-12-21 11:25:53.443root 11241100x8000000000000000528353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4f0d1a33646a3b2021-12-21 11:25:53.443root 11241100x8000000000000000528354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e33986c8d49af7e2021-12-21 11:25:53.443root 11241100x8000000000000000528355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc2ddeaaa3437132021-12-21 11:25:53.443root 11241100x8000000000000000528356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fa736fbe9947e32021-12-21 11:25:53.443root 11241100x8000000000000000528357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9842cc6d5611b2852021-12-21 11:25:53.443root 11241100x8000000000000000528358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9935d76747006d272021-12-21 11:25:53.443root 11241100x8000000000000000528359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56533ecb33d2c5382021-12-21 11:25:53.443root 11241100x8000000000000000528360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412e165f71f117a72021-12-21 11:25:53.443root 11241100x8000000000000000528361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d60f07b0485bf52021-12-21 11:25:53.943root 11241100x8000000000000000528362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcee3b4666e249862021-12-21 11:25:53.943root 11241100x8000000000000000528363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e4b5fc4307fee42021-12-21 11:25:53.943root 11241100x8000000000000000528364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e8b1d78c0aba7c2021-12-21 11:25:53.943root 11241100x8000000000000000528365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0436959c1daab0a72021-12-21 11:25:53.943root 11241100x8000000000000000528366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f32b3fe7b2cc052021-12-21 11:25:53.943root 11241100x8000000000000000528367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f63f0825d0cfc82021-12-21 11:25:53.943root 11241100x8000000000000000528368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f598c740e6ffe22021-12-21 11:25:53.944root 11241100x8000000000000000528369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4019bc1399711c9d2021-12-21 11:25:53.944root 11241100x8000000000000000528370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc8e0d6e4dadf892021-12-21 11:25:54.443root 11241100x8000000000000000528371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36e96aed8e3b77a2021-12-21 11:25:54.443root 11241100x8000000000000000528372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b6d26503f09e082021-12-21 11:25:54.443root 11241100x8000000000000000528373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b2093df80721ef2021-12-21 11:25:54.443root 11241100x8000000000000000528374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dc971c60bfdb992021-12-21 11:25:54.443root 11241100x8000000000000000528375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef016e17ca97e21f2021-12-21 11:25:54.443root 11241100x8000000000000000528376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d8adf3e321408f2021-12-21 11:25:54.443root 11241100x8000000000000000528377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e135ba3eb45839892021-12-21 11:25:54.443root 11241100x8000000000000000528378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198b3216376df2752021-12-21 11:25:54.443root 11241100x8000000000000000528379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b22f41bb2da1fc12021-12-21 11:25:54.943root 11241100x8000000000000000528380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5712a6b70f7b51442021-12-21 11:25:54.943root 11241100x8000000000000000528381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a70b01d44ebb03c2021-12-21 11:25:54.943root 11241100x8000000000000000528382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3e0306c4cdf0652021-12-21 11:25:54.943root 11241100x8000000000000000528383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b4008f7b186b62021-12-21 11:25:54.943root 11241100x8000000000000000528384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d4075507ef5a442021-12-21 11:25:54.943root 11241100x8000000000000000528385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851b2cf0c3b2afd02021-12-21 11:25:54.943root 11241100x8000000000000000528386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec546e42fc41b0662021-12-21 11:25:54.943root 11241100x8000000000000000528387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6cfe0b1eb93d8a2021-12-21 11:25:54.943root 354300x8000000000000000528388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.226{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48528-false10.0.1.12-8000- 11241100x8000000000000000528389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583728fe51e050e32021-12-21 11:25:55.227root 11241100x8000000000000000528390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2ccc3eaaf32e132021-12-21 11:25:55.228root 11241100x8000000000000000528391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927891f85483a4b02021-12-21 11:25:55.228root 11241100x8000000000000000528392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e445bf720d6d63fa2021-12-21 11:25:55.228root 11241100x8000000000000000528393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc673fe231ab6552021-12-21 11:25:55.228root 11241100x8000000000000000528394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da356a03a528f08a2021-12-21 11:25:55.228root 11241100x8000000000000000528395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98852c41c78c48712021-12-21 11:25:55.228root 11241100x8000000000000000528396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be8c200f3ba59c02021-12-21 11:25:55.228root 11241100x8000000000000000528397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fefc0d177afb12f2021-12-21 11:25:55.228root 11241100x8000000000000000528398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbff3917577cd3a2021-12-21 11:25:55.228root 11241100x8000000000000000528399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77dea63b674cc7d2021-12-21 11:25:55.693root 11241100x8000000000000000528400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a12b80cfb4ee9cc2021-12-21 11:25:55.693root 11241100x8000000000000000528401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b0cf51785106e02021-12-21 11:25:55.693root 11241100x8000000000000000528402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dda5586e4a2450a2021-12-21 11:25:55.693root 11241100x8000000000000000528403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c71aca51f8f666e2021-12-21 11:25:55.694root 11241100x8000000000000000528404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1b5677ed40dda12021-12-21 11:25:55.694root 11241100x8000000000000000528405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bd8ec9bef610072021-12-21 11:25:55.694root 11241100x8000000000000000528406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6ffc3ea6386d672021-12-21 11:25:55.694root 11241100x8000000000000000528407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9348099224112992021-12-21 11:25:55.694root 11241100x8000000000000000528408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bffc8ac572c12f92021-12-21 11:25:55.694root 11241100x8000000000000000528409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f6301331d596772021-12-21 11:25:56.192root 11241100x8000000000000000528410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96483fea413703fe2021-12-21 11:25:56.193root 11241100x8000000000000000528411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc29b4130acbe9682021-12-21 11:25:56.193root 11241100x8000000000000000528412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105389d69bf205912021-12-21 11:25:56.193root 11241100x8000000000000000528413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085f6da68154018b2021-12-21 11:25:56.193root 11241100x8000000000000000528414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c2e65d59951c292021-12-21 11:25:56.193root 11241100x8000000000000000528415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80ecc62980de91c2021-12-21 11:25:56.193root 11241100x8000000000000000528416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4f322de71b634d2021-12-21 11:25:56.193root 11241100x8000000000000000528417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec12c308a9b72c642021-12-21 11:25:56.193root 11241100x8000000000000000528418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6247167a017319f22021-12-21 11:25:56.193root 11241100x8000000000000000528419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f287f99fde1907372021-12-21 11:25:56.193root 11241100x8000000000000000528420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a2f296af6c88682021-12-21 11:25:56.193root 11241100x8000000000000000528421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e57ea81585a2d722021-12-21 11:25:56.194root 11241100x8000000000000000528422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb73ab431c69e1772021-12-21 11:25:56.194root 11241100x8000000000000000528423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef923401787825512021-12-21 11:25:56.194root 11241100x8000000000000000528424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00203ce4d2ce42712021-12-21 11:25:56.693root 11241100x8000000000000000528425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6987ee38ac4b1312021-12-21 11:25:56.693root 11241100x8000000000000000528426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34519b904bc948cb2021-12-21 11:25:56.693root 11241100x8000000000000000528427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a46ee34ee2fa8d22021-12-21 11:25:56.693root 11241100x8000000000000000528428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c1d44ac19191b2021-12-21 11:25:56.693root 11241100x8000000000000000528429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18e9e4499c790c12021-12-21 11:25:56.693root 11241100x8000000000000000528430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36373fdd42e35e602021-12-21 11:25:56.693root 11241100x8000000000000000528431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322ff892bbc169d02021-12-21 11:25:56.693root 11241100x8000000000000000528432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb2f7d4722c3d882021-12-21 11:25:56.694root 11241100x8000000000000000528433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3889ade2bb3ce1a22021-12-21 11:25:56.694root 11241100x8000000000000000528434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774bc6267735869e2021-12-21 11:25:57.193root 11241100x8000000000000000528435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f664fd11e73202021-12-21 11:25:57.193root 11241100x8000000000000000528436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8119cf0cae53db432021-12-21 11:25:57.193root 11241100x8000000000000000528437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deb867e18f71c7d2021-12-21 11:25:57.193root 11241100x8000000000000000528438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926371bb0e2dd4702021-12-21 11:25:57.193root 11241100x8000000000000000528439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb6d0c38138913b2021-12-21 11:25:57.193root 11241100x8000000000000000528440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4f45aa9a06cbdc2021-12-21 11:25:57.193root 11241100x8000000000000000528441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24739bab4426cd02021-12-21 11:25:57.193root 11241100x8000000000000000528442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b7dd826a7778712021-12-21 11:25:57.193root 11241100x8000000000000000528443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deee873d9fbe36982021-12-21 11:25:57.193root 11241100x8000000000000000528444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a54c938cdb2c642021-12-21 11:25:57.693root 11241100x8000000000000000528445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaea6e262233e212021-12-21 11:25:57.693root 11241100x8000000000000000528446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc850308f3ba5e32021-12-21 11:25:57.693root 11241100x8000000000000000528447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa3d41eeb4e92752021-12-21 11:25:57.693root 11241100x8000000000000000528448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0cb5fbf008c4af2021-12-21 11:25:57.693root 11241100x8000000000000000528449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a19f9443df8e582021-12-21 11:25:57.693root 11241100x8000000000000000528450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e9317dad2112652021-12-21 11:25:57.693root 11241100x8000000000000000528451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6159e068b4e85db2021-12-21 11:25:57.694root 11241100x8000000000000000528452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d5ea3c164edba42021-12-21 11:25:57.694root 11241100x8000000000000000528453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a845e6c582c0f98e2021-12-21 11:25:57.694root 11241100x8000000000000000528454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a5509c9ae4633f2021-12-21 11:25:58.193root 11241100x8000000000000000528455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15917f1eda6643bf2021-12-21 11:25:58.193root 11241100x8000000000000000528456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20305db9fbff10e72021-12-21 11:25:58.193root 11241100x8000000000000000528457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13b295fededbd182021-12-21 11:25:58.193root 11241100x8000000000000000528458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8dd998f27e6ea42021-12-21 11:25:58.193root 11241100x8000000000000000528459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9352844d2212bc192021-12-21 11:25:58.193root 11241100x8000000000000000528460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9337b2b8328ef1c92021-12-21 11:25:58.193root 11241100x8000000000000000528461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29462042685fe89a2021-12-21 11:25:58.193root 11241100x8000000000000000528462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ff5eff5f0de20a2021-12-21 11:25:58.193root 11241100x8000000000000000528463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe61e84ce5717e5c2021-12-21 11:25:58.193root 11241100x8000000000000000528464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c937b49049c59dcc2021-12-21 11:25:58.693root 11241100x8000000000000000528465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e59cfe442239b932021-12-21 11:25:58.693root 11241100x8000000000000000528466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e969a12900d6a6072021-12-21 11:25:58.693root 11241100x8000000000000000528467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f61d4ab71488ec2021-12-21 11:25:58.693root 11241100x8000000000000000528468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43853e7bf9870352021-12-21 11:25:58.693root 11241100x8000000000000000528469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0d29f31c1063712021-12-21 11:25:58.693root 11241100x8000000000000000528470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa20de2f88dcc8d52021-12-21 11:25:58.693root 11241100x8000000000000000528471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8f537f3ccaddaa2021-12-21 11:25:58.693root 11241100x8000000000000000528472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd7490032f3fce2021-12-21 11:25:58.693root 11241100x8000000000000000528473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56786f81897895562021-12-21 11:25:58.693root 11241100x8000000000000000528474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e84184245581c892021-12-21 11:25:59.193root 11241100x8000000000000000528475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92499379d7e77c152021-12-21 11:25:59.193root 11241100x8000000000000000528476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9acecba476a0d2021-12-21 11:25:59.193root 11241100x8000000000000000528477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a07fb333cab6bf82021-12-21 11:25:59.193root 11241100x8000000000000000528478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9babdf35f3f956c2021-12-21 11:25:59.194root 11241100x8000000000000000528479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4872483053cf17c92021-12-21 11:25:59.194root 11241100x8000000000000000528480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6417a00f614029b2021-12-21 11:25:59.194root 11241100x8000000000000000528481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43bdddf476d5dab2021-12-21 11:25:59.195root 11241100x8000000000000000528482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982724ecec58a4b02021-12-21 11:25:59.195root 11241100x8000000000000000528483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e593d8190f5cfaa2021-12-21 11:25:59.195root 11241100x8000000000000000528484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cae894521c9502a2021-12-21 11:25:59.693root 11241100x8000000000000000528485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75655544abc60d712021-12-21 11:25:59.693root 11241100x8000000000000000528486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631c76f1b4cd04ab2021-12-21 11:25:59.693root 11241100x8000000000000000528487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0285af1602af8ee2021-12-21 11:25:59.693root 11241100x8000000000000000528488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea7fcbff6e74e172021-12-21 11:25:59.693root 11241100x8000000000000000528489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1840d08959954dba2021-12-21 11:25:59.693root 11241100x8000000000000000528490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ccd27ca1688d1c2021-12-21 11:25:59.693root 11241100x8000000000000000528491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a084fdbef4e3302021-12-21 11:25:59.693root 11241100x8000000000000000528492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e390bc5c6d650ee2021-12-21 11:25:59.693root 11241100x8000000000000000528493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f0dcee376384f52021-12-21 11:25:59.694root 11241100x8000000000000000528494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41da0c3d5c2046562021-12-21 11:26:00.192root 11241100x8000000000000000528495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86c4b87dacd836f2021-12-21 11:26:00.193root 11241100x8000000000000000528496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9d7ad2d8f08b2c2021-12-21 11:26:00.193root 11241100x8000000000000000528497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83b4a025578de332021-12-21 11:26:00.193root 11241100x8000000000000000528498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e016a0e8c6c32dd72021-12-21 11:26:00.193root 11241100x8000000000000000528499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7e45b6a7af4eb22021-12-21 11:26:00.193root 11241100x8000000000000000528500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7053b41d20994af2021-12-21 11:26:00.193root 11241100x8000000000000000528501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7e31d9d18e1b0e2021-12-21 11:26:00.193root 11241100x8000000000000000528502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979efc16d81dbe7a2021-12-21 11:26:00.194root 11241100x8000000000000000528503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dcc422b791248b2021-12-21 11:26:00.194root 11241100x8000000000000000528504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c6ad0c80711d5e2021-12-21 11:26:00.693root 11241100x8000000000000000528505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3954519b8fdaaa22021-12-21 11:26:00.693root 11241100x8000000000000000528506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e24a3a52194fc92021-12-21 11:26:00.693root 11241100x8000000000000000528507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf461a518cd074f2021-12-21 11:26:00.693root 11241100x8000000000000000528508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e38b85eb6b57832021-12-21 11:26:00.693root 11241100x8000000000000000528509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfede14684c03ed2021-12-21 11:26:00.693root 11241100x8000000000000000528510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2fcd086399a9f82021-12-21 11:26:00.693root 11241100x8000000000000000528511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315ea21112d95c6d2021-12-21 11:26:00.693root 11241100x8000000000000000528512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01700c620c816fe2021-12-21 11:26:00.693root 11241100x8000000000000000528513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c12ac420dbd0c572021-12-21 11:26:00.693root 354300x8000000000000000528514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.178{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48530-false10.0.1.12-8000- 11241100x8000000000000000528515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a0a1a59016ed8e2021-12-21 11:26:01.178root 11241100x8000000000000000528516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a314212b9ac2462021-12-21 11:26:01.179root 11241100x8000000000000000528517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749e8c4321e784272021-12-21 11:26:01.179root 11241100x8000000000000000528518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e58f6601671332021-12-21 11:26:01.179root 11241100x8000000000000000528519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17c77c6e93878af2021-12-21 11:26:01.179root 11241100x8000000000000000528520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a719fba0c3aef22021-12-21 11:26:01.179root 11241100x8000000000000000528521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63251386264e5b372021-12-21 11:26:01.179root 11241100x8000000000000000528522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfda80e862cdfa02021-12-21 11:26:01.179root 11241100x8000000000000000528523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aad307b66764f512021-12-21 11:26:01.179root 11241100x8000000000000000528524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60900dba6da4605a2021-12-21 11:26:01.179root 11241100x8000000000000000528525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29e8d117b8c5e562021-12-21 11:26:01.179root 11241100x8000000000000000528526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fd5293774f16c42021-12-21 11:26:01.442root 11241100x8000000000000000528527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6db3646454089032021-12-21 11:26:01.443root 11241100x8000000000000000528528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d9e00bb8ead9882021-12-21 11:26:01.443root 11241100x8000000000000000528529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deea112ad3d4cca2021-12-21 11:26:01.443root 11241100x8000000000000000528530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c603cd637c1d255a2021-12-21 11:26:01.443root 11241100x8000000000000000528531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc1da313315b3802021-12-21 11:26:01.443root 11241100x8000000000000000528532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac9cbda223897d22021-12-21 11:26:01.443root 11241100x8000000000000000528533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4197e12709c4ce92021-12-21 11:26:01.443root 11241100x8000000000000000528534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce352ab5b75ce34e2021-12-21 11:26:01.443root 11241100x8000000000000000528535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6bce5e5422c2b92021-12-21 11:26:01.443root 11241100x8000000000000000528536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a209a237c320b8a42021-12-21 11:26:01.443root 11241100x8000000000000000528537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4e4921ba7765a62021-12-21 11:26:01.943root 11241100x8000000000000000528538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48311ddf763cbde32021-12-21 11:26:01.943root 11241100x8000000000000000528539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25fe98a7fa886372021-12-21 11:26:01.943root 11241100x8000000000000000528540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1287076f3b4847442021-12-21 11:26:01.943root 11241100x8000000000000000528541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da98556d28ba76462021-12-21 11:26:01.943root 11241100x8000000000000000528542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df55d8cbb8db9c012021-12-21 11:26:01.943root 11241100x8000000000000000528543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7efbd096f5813a2021-12-21 11:26:01.944root 11241100x8000000000000000528544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14df2a017f3d39012021-12-21 11:26:01.944root 11241100x8000000000000000528545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c3e98fc7dc9c362021-12-21 11:26:01.944root 11241100x8000000000000000528546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3967b930d37d442021-12-21 11:26:01.944root 11241100x8000000000000000528547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba137d9fdffdbee2021-12-21 11:26:01.944root 11241100x8000000000000000528548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ce0699e09b05242021-12-21 11:26:02.442root 11241100x8000000000000000528549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3e07504a4cabd42021-12-21 11:26:02.443root 11241100x8000000000000000528550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3384153485163342021-12-21 11:26:02.443root 11241100x8000000000000000528551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0acb23b20f8ecb2021-12-21 11:26:02.443root 11241100x8000000000000000528552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec71131312ba04b2021-12-21 11:26:02.443root 11241100x8000000000000000528553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32201e5ceca30e462021-12-21 11:26:02.443root 11241100x8000000000000000528554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a657e98a3bf75c402021-12-21 11:26:02.443root 11241100x8000000000000000528555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb21e379cd22c622021-12-21 11:26:02.443root 11241100x8000000000000000528556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703ec17d6c2d29042021-12-21 11:26:02.443root 11241100x8000000000000000528557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a460d2ab7a3106b2021-12-21 11:26:02.443root 11241100x8000000000000000528558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb55a30a7035a0662021-12-21 11:26:02.444root 11241100x8000000000000000528559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcbe4e9bbca95102021-12-21 11:26:02.943root 11241100x8000000000000000528560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d0a40febba1de22021-12-21 11:26:02.943root 11241100x8000000000000000528561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56612d6f0dbe1b8a2021-12-21 11:26:02.943root 11241100x8000000000000000528562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb30e8a5270732fb2021-12-21 11:26:02.943root 11241100x8000000000000000528563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dd3279c9b7a3f82021-12-21 11:26:02.943root 11241100x8000000000000000528564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dfbb91f106b6682021-12-21 11:26:02.944root 11241100x8000000000000000528565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c614373f770c1f2021-12-21 11:26:02.944root 11241100x8000000000000000528566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4d1ab3dbaf8a322021-12-21 11:26:02.944root 11241100x8000000000000000528567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c042ff01efd7c2052021-12-21 11:26:02.944root 11241100x8000000000000000528568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4731605bb2757c2021-12-21 11:26:02.944root 11241100x8000000000000000528569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86802442434df92c2021-12-21 11:26:02.944root 11241100x8000000000000000528570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f742a06279f437022021-12-21 11:26:03.443root 11241100x8000000000000000528571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097a4d75273a75a52021-12-21 11:26:03.443root 11241100x8000000000000000528572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e549987b261fe32021-12-21 11:26:03.443root 11241100x8000000000000000528573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fd08a854676b4b2021-12-21 11:26:03.443root 11241100x8000000000000000528574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e89ff44500f85e2021-12-21 11:26:03.443root 11241100x8000000000000000528575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8299232ee6d75dc2021-12-21 11:26:03.443root 11241100x8000000000000000528576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862c9e1beb7048c42021-12-21 11:26:03.444root 11241100x8000000000000000528577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f68c9924da53762021-12-21 11:26:03.444root 11241100x8000000000000000528578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626179518868ebb32021-12-21 11:26:03.444root 11241100x8000000000000000528579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fee2c837562e892021-12-21 11:26:03.444root 11241100x8000000000000000528580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb80aebd4dd643242021-12-21 11:26:03.444root 11241100x8000000000000000528581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26e18573b0f8ecb2021-12-21 11:26:03.943root 11241100x8000000000000000528582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e7192b8bbd830e2021-12-21 11:26:03.943root 11241100x8000000000000000528583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa6fc1f11b716db2021-12-21 11:26:03.943root 11241100x8000000000000000528584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a117c6fe926450dc2021-12-21 11:26:03.943root 11241100x8000000000000000528585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d794cfcd9c5d89f2021-12-21 11:26:03.943root 11241100x8000000000000000528586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1f2f66c59c7d882021-12-21 11:26:03.943root 11241100x8000000000000000528587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee975746b553d1f02021-12-21 11:26:03.944root 11241100x8000000000000000528588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1495de93158e872021-12-21 11:26:03.944root 11241100x8000000000000000528589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc10086044ae4802021-12-21 11:26:03.944root 11241100x8000000000000000528590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86074dad2e83c1e32021-12-21 11:26:03.944root 11241100x8000000000000000528591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aba0e87d96989792021-12-21 11:26:03.944root 11241100x8000000000000000528592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8271c6f76a7190a02021-12-21 11:26:04.443root 11241100x8000000000000000528593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b552bd6892a3b82021-12-21 11:26:04.443root 11241100x8000000000000000528594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac461a8363a989932021-12-21 11:26:04.443root 11241100x8000000000000000528595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7908e8295b67c32021-12-21 11:26:04.443root 11241100x8000000000000000528596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce29cfe9b29b4ff2021-12-21 11:26:04.443root 11241100x8000000000000000528597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48857fd024beb25c2021-12-21 11:26:04.443root 11241100x8000000000000000528598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57f443189e664162021-12-21 11:26:04.444root 11241100x8000000000000000528599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7976ca62b16f61582021-12-21 11:26:04.444root 11241100x8000000000000000528600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3dbe7a5f4c389f2021-12-21 11:26:04.444root 11241100x8000000000000000528601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c4d14816351ffb2021-12-21 11:26:04.444root 11241100x8000000000000000528602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398ebaad66aa69bb2021-12-21 11:26:04.444root 11241100x8000000000000000528603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d361d40714e0ad2021-12-21 11:26:04.943root 11241100x8000000000000000528604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30722f002f2d2e82021-12-21 11:26:04.943root 11241100x8000000000000000528605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3345a924577e14a2021-12-21 11:26:04.943root 11241100x8000000000000000528606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d89cac6a66eb922021-12-21 11:26:04.943root 11241100x8000000000000000528607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428fb855d3b647702021-12-21 11:26:04.943root 11241100x8000000000000000528608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb1eb2363a71bb42021-12-21 11:26:04.943root 11241100x8000000000000000528609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3303db011777a1c2021-12-21 11:26:04.943root 11241100x8000000000000000528610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed3d79beb16b2a52021-12-21 11:26:04.944root 11241100x8000000000000000528611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8787f401e8cd1a4e2021-12-21 11:26:04.944root 11241100x8000000000000000528612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40877eef88849ee2021-12-21 11:26:04.944root 11241100x8000000000000000528613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaa9cf61d7769da2021-12-21 11:26:04.944root 11241100x8000000000000000528614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8279a832f42ec6be2021-12-21 11:26:05.443root 11241100x8000000000000000528615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3880f2b1de6710b42021-12-21 11:26:05.443root 11241100x8000000000000000528616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0114d8f853570e2021-12-21 11:26:05.443root 11241100x8000000000000000528617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92348065fb1c3b12021-12-21 11:26:05.443root 11241100x8000000000000000528618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7f9e440994d2b72021-12-21 11:26:05.443root 11241100x8000000000000000528619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee70d946e243a47e2021-12-21 11:26:05.443root 11241100x8000000000000000528620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83a00c4b126ab492021-12-21 11:26:05.443root 11241100x8000000000000000528621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d27cd3ed12c92242021-12-21 11:26:05.443root 11241100x8000000000000000528622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402debbe6bc03d462021-12-21 11:26:05.443root 11241100x8000000000000000528623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5490b46f166456342021-12-21 11:26:05.444root 11241100x8000000000000000528624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b99eb650717ef182021-12-21 11:26:05.444root 11241100x8000000000000000528625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf3b70926ca0e562021-12-21 11:26:05.943root 11241100x8000000000000000528626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cb4e8279a78e3b2021-12-21 11:26:05.943root 11241100x8000000000000000528627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da771cde4caffff2021-12-21 11:26:05.943root 11241100x8000000000000000528628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24429a058bc394ed2021-12-21 11:26:05.943root 11241100x8000000000000000528629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376c1b881f3779ca2021-12-21 11:26:05.943root 11241100x8000000000000000528630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6038de37d322ca22021-12-21 11:26:05.943root 11241100x8000000000000000528631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1df9b3cfea496f2021-12-21 11:26:05.943root 11241100x8000000000000000528632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1862335c045ef4c42021-12-21 11:26:05.943root 11241100x8000000000000000528633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3965c0272e5fc9242021-12-21 11:26:05.943root 11241100x8000000000000000528634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c2b87c02f63f7e2021-12-21 11:26:05.944root 11241100x8000000000000000528635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fe5e02093d87332021-12-21 11:26:05.944root 354300x8000000000000000528636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.256{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48532-false10.0.1.12-8000- 11241100x8000000000000000528637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2683128df7d97c2021-12-21 11:26:06.258root 11241100x8000000000000000528638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac75db5e9c28d9b2021-12-21 11:26:06.258root 11241100x8000000000000000528639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e71c2e7e2ba13c2021-12-21 11:26:06.258root 11241100x8000000000000000528640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be002bee73535af2021-12-21 11:26:06.258root 11241100x8000000000000000528641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c39caf98c59d132021-12-21 11:26:06.258root 11241100x8000000000000000528642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8471f825ea21b02021-12-21 11:26:06.258root 11241100x8000000000000000528643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2a13e3688d75802021-12-21 11:26:06.259root 11241100x8000000000000000528644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7431396bf985562021-12-21 11:26:06.259root 11241100x8000000000000000528645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a00200b36e00fd82021-12-21 11:26:06.259root 11241100x8000000000000000528646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8142cf54222b42b02021-12-21 11:26:06.259root 11241100x8000000000000000528647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d8a795257baf42021-12-21 11:26:06.260root 11241100x8000000000000000528648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb7cf307e9dddf22021-12-21 11:26:06.260root 11241100x8000000000000000528649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:26:06.328root 11241100x8000000000000000528650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ffd0a6cab52b962021-12-21 11:26:06.693root 11241100x8000000000000000528651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaa601c9e3c2c172021-12-21 11:26:06.693root 11241100x8000000000000000528652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc516eb94b9bc9c2021-12-21 11:26:06.693root 11241100x8000000000000000528653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495b2310355ade992021-12-21 11:26:06.693root 11241100x8000000000000000528654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4555e707bd0634452021-12-21 11:26:06.693root 11241100x8000000000000000528655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e69c63ce26c7e112021-12-21 11:26:06.693root 11241100x8000000000000000528656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f929f0a938a4562021-12-21 11:26:06.693root 11241100x8000000000000000528657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b88c3cf051beec02021-12-21 11:26:06.694root 11241100x8000000000000000528658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048e90001855d282021-12-21 11:26:06.694root 11241100x8000000000000000528659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cb52671b83e00d2021-12-21 11:26:06.694root 11241100x8000000000000000528660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79f367bc4db1e592021-12-21 11:26:06.694root 11241100x8000000000000000528661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45fffcd83f916642021-12-21 11:26:06.694root 11241100x8000000000000000528662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcb7f6aee3bd6582021-12-21 11:26:06.694root 11241100x8000000000000000528663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcf7fb94f2fda522021-12-21 11:26:07.193root 11241100x8000000000000000528664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f45816091c1f1112021-12-21 11:26:07.193root 11241100x8000000000000000528665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf24e68a33b247942021-12-21 11:26:07.193root 11241100x8000000000000000528666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b911d93af0ddae2021-12-21 11:26:07.193root 11241100x8000000000000000528667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b549f06ad0f55f2021-12-21 11:26:07.193root 11241100x8000000000000000528668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f776932dc2ec41812021-12-21 11:26:07.193root 11241100x8000000000000000528669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1c2d356343770b2021-12-21 11:26:07.193root 11241100x8000000000000000528670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7687b1653fcf10ff2021-12-21 11:26:07.193root 11241100x8000000000000000528671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1b4e401d9872992021-12-21 11:26:07.193root 11241100x8000000000000000528672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174c4707469ab2fb2021-12-21 11:26:07.194root 11241100x8000000000000000528673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600089840c21c02b2021-12-21 11:26:07.194root 11241100x8000000000000000528674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823b8a13ab70bb362021-12-21 11:26:07.194root 11241100x8000000000000000528675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d345307e18aefb2021-12-21 11:26:07.194root 11241100x8000000000000000528676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e6c591ecb2be392021-12-21 11:26:07.693root 11241100x8000000000000000528677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd36ba2c55f1bbd2021-12-21 11:26:07.693root 11241100x8000000000000000528678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed91a2b5f27e1f292021-12-21 11:26:07.693root 11241100x8000000000000000528679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ad948baab94a782021-12-21 11:26:07.694root 11241100x8000000000000000528680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52266d78b6710d212021-12-21 11:26:07.694root 11241100x8000000000000000528681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2f553c520a06452021-12-21 11:26:07.694root 11241100x8000000000000000528682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d227077e29017a2e2021-12-21 11:26:07.694root 11241100x8000000000000000528683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d458bb67886d1c62021-12-21 11:26:07.694root 11241100x8000000000000000528684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9918a4a19e4dbdcb2021-12-21 11:26:07.694root 11241100x8000000000000000528685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e636acef764e8912021-12-21 11:26:07.694root 11241100x8000000000000000528686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9824acbd40d88d202021-12-21 11:26:07.694root 11241100x8000000000000000528687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ede15afd381b4b2021-12-21 11:26:07.695root 11241100x8000000000000000528688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31853c4be28f22c92021-12-21 11:26:07.695root 11241100x8000000000000000528689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478eb838243e081b2021-12-21 11:26:08.193root 11241100x8000000000000000528690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1752569547d022a2021-12-21 11:26:08.193root 11241100x8000000000000000528691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbd86a7b2b4ef2b2021-12-21 11:26:08.193root 11241100x8000000000000000528692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b61099ae2388602021-12-21 11:26:08.193root 11241100x8000000000000000528693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eb0c2ac5fed4882021-12-21 11:26:08.194root 11241100x8000000000000000528694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab55c2c18f2385d02021-12-21 11:26:08.194root 11241100x8000000000000000528695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf9b0a9c34236d52021-12-21 11:26:08.194root 11241100x8000000000000000528696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c39e74cd1b4d912021-12-21 11:26:08.194root 11241100x8000000000000000528697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e6a9d4edcf13d42021-12-21 11:26:08.194root 11241100x8000000000000000528698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee217758390a3ed42021-12-21 11:26:08.194root 11241100x8000000000000000528699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e22b8598bbec702021-12-21 11:26:08.194root 11241100x8000000000000000528700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aac8930902791f2021-12-21 11:26:08.194root 11241100x8000000000000000528701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ece6d74a60978fb2021-12-21 11:26:08.194root 11241100x8000000000000000528702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dde37d03ddbdcfd2021-12-21 11:26:08.693root 11241100x8000000000000000528703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461cb456629712dd2021-12-21 11:26:08.693root 11241100x8000000000000000528704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d35419346ada7382021-12-21 11:26:08.693root 11241100x8000000000000000528705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c20745c70f69fd62021-12-21 11:26:08.693root 11241100x8000000000000000528706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35294e3144bf0e562021-12-21 11:26:08.694root 11241100x8000000000000000528707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f20bcc776d06f12021-12-21 11:26:08.694root 11241100x8000000000000000528708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e508e02f7721312021-12-21 11:26:08.694root 11241100x8000000000000000528709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defe391a192bdef62021-12-21 11:26:08.694root 11241100x8000000000000000528710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad785d46e6484d32021-12-21 11:26:08.694root 11241100x8000000000000000528711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61768363b459ab82021-12-21 11:26:08.694root 11241100x8000000000000000528712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa1f49330d99b412021-12-21 11:26:08.694root 11241100x8000000000000000528713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd05ed4879ddeac2021-12-21 11:26:08.695root 11241100x8000000000000000528714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4bcc91b56317402021-12-21 11:26:08.695root 11241100x8000000000000000528715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed239864dac071c2021-12-21 11:26:09.193root 11241100x8000000000000000528716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8f8d9a5fee71372021-12-21 11:26:09.193root 11241100x8000000000000000528717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90afa6c39a336da82021-12-21 11:26:09.193root 11241100x8000000000000000528718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c438cf93837403722021-12-21 11:26:09.193root 11241100x8000000000000000528719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2b439d073473a02021-12-21 11:26:09.193root 11241100x8000000000000000528720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3abcd8b1be85e72021-12-21 11:26:09.193root 11241100x8000000000000000528721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a677626054f39d552021-12-21 11:26:09.193root 11241100x8000000000000000528722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f382b461eb6025302021-12-21 11:26:09.193root 11241100x8000000000000000528723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e17fa5dfb5ae3e02021-12-21 11:26:09.193root 11241100x8000000000000000528724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba093a4112141f92021-12-21 11:26:09.194root 11241100x8000000000000000528725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ce5a4d534d406d2021-12-21 11:26:09.194root 11241100x8000000000000000528726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6617a2317f097c2021-12-21 11:26:09.194root 11241100x8000000000000000528727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69bd1c34a257adf2021-12-21 11:26:09.194root 23542300x8000000000000000528728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.298{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000528729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525f40814b5d33da2021-12-21 11:26:09.693root 11241100x8000000000000000528730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2b53489c5a73912021-12-21 11:26:09.693root 11241100x8000000000000000528731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cbfd7d2a8c48f32021-12-21 11:26:09.693root 11241100x8000000000000000528732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7de853c83f9bee02021-12-21 11:26:09.694root 11241100x8000000000000000528733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a137dc166018def92021-12-21 11:26:09.694root 11241100x8000000000000000528734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3d2cf5a8b1eb892021-12-21 11:26:09.694root 11241100x8000000000000000528735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397fb756275cef1b2021-12-21 11:26:09.694root 11241100x8000000000000000528736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ffb6c0afdb7aa32021-12-21 11:26:09.694root 11241100x8000000000000000528737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafe7f7ac31905f82021-12-21 11:26:09.695root 11241100x8000000000000000528738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c492127e0db17a42021-12-21 11:26:09.695root 11241100x8000000000000000528739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbbb6ec0e8492472021-12-21 11:26:09.695root 11241100x8000000000000000528740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356bbd755d3032892021-12-21 11:26:09.695root 11241100x8000000000000000528741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d48784e64954f52021-12-21 11:26:09.695root 11241100x8000000000000000528742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea722e1ccfc53292021-12-21 11:26:09.695root 11241100x8000000000000000528743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe02c3cf0b62c432021-12-21 11:26:10.193root 11241100x8000000000000000528744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c93084cb5bfa42021-12-21 11:26:10.193root 11241100x8000000000000000528745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6e6a266116b2742021-12-21 11:26:10.193root 11241100x8000000000000000528746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138cbde6c8b845f02021-12-21 11:26:10.193root 11241100x8000000000000000528747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b5615536d9d01b2021-12-21 11:26:10.193root 11241100x8000000000000000528748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43769cecabce835f2021-12-21 11:26:10.193root 11241100x8000000000000000528749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facaa3c68495713a2021-12-21 11:26:10.193root 11241100x8000000000000000528750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb868ccf0bcacfd82021-12-21 11:26:10.193root 11241100x8000000000000000528751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e62360fd4b1bb2b2021-12-21 11:26:10.194root 11241100x8000000000000000528752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ee829717a5e1192021-12-21 11:26:10.194root 11241100x8000000000000000528753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172e6f74dce118882021-12-21 11:26:10.194root 11241100x8000000000000000528754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c3d1d6495a8fbf2021-12-21 11:26:10.194root 11241100x8000000000000000528755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5bc5947701a2d02021-12-21 11:26:10.194root 11241100x8000000000000000528756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd202d475ff7488e2021-12-21 11:26:10.194root 11241100x8000000000000000528757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6033867c9de1e3bf2021-12-21 11:26:10.693root 11241100x8000000000000000528758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddff3458f251067c2021-12-21 11:26:10.693root 11241100x8000000000000000528759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5db53d204023872021-12-21 11:26:10.693root 11241100x8000000000000000528760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b93fb110876f0c72021-12-21 11:26:10.694root 11241100x8000000000000000528761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16529bf287145e282021-12-21 11:26:10.694root 11241100x8000000000000000528762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ef285b7d683dd52021-12-21 11:26:10.694root 11241100x8000000000000000528763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fada599bb21dd6f2021-12-21 11:26:10.694root 11241100x8000000000000000528764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e597df88784ad3812021-12-21 11:26:10.694root 11241100x8000000000000000528765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8bc53a1b1e73272021-12-21 11:26:10.694root 11241100x8000000000000000528766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9272e1dabf9a87a72021-12-21 11:26:10.695root 11241100x8000000000000000528767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0819124c968b9e52021-12-21 11:26:10.695root 11241100x8000000000000000528768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2008ae39b4c6d8a52021-12-21 11:26:10.695root 11241100x8000000000000000528769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ace2cea2e6f23d2021-12-21 11:26:10.695root 11241100x8000000000000000528770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b9de2f009cde562021-12-21 11:26:10.695root 11241100x8000000000000000528771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e9358954a16d012021-12-21 11:26:11.193root 11241100x8000000000000000528772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229e049df34a47752021-12-21 11:26:11.193root 11241100x8000000000000000528773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d9afd51d8a18572021-12-21 11:26:11.193root 11241100x8000000000000000528774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47885d2c6393a1c92021-12-21 11:26:11.193root 11241100x8000000000000000528775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b305d555038e17f42021-12-21 11:26:11.194root 11241100x8000000000000000528776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065c8de8047e53382021-12-21 11:26:11.194root 11241100x8000000000000000528777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b935b81b591fb4cd2021-12-21 11:26:11.194root 11241100x8000000000000000528778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d7f1d85419830d2021-12-21 11:26:11.194root 11241100x8000000000000000528779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db237861109b5b7e2021-12-21 11:26:11.194root 11241100x8000000000000000528780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd216cdb05818ba2021-12-21 11:26:11.194root 11241100x8000000000000000528781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f8e01d517c70a52021-12-21 11:26:11.195root 11241100x8000000000000000528782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fccf1723e58e53e2021-12-21 11:26:11.195root 11241100x8000000000000000528783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24126c1cccc056df2021-12-21 11:26:11.195root 11241100x8000000000000000528784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1a4b74d033176c2021-12-21 11:26:11.195root 11241100x8000000000000000528785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9223104fec995d32021-12-21 11:26:11.693root 11241100x8000000000000000528786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824b2c34962c1df2021-12-21 11:26:11.693root 11241100x8000000000000000528787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f141f181b7f6a52021-12-21 11:26:11.693root 11241100x8000000000000000528788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e321a959af37d62021-12-21 11:26:11.693root 11241100x8000000000000000528789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33ca13f3077b4332021-12-21 11:26:11.693root 11241100x8000000000000000528790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05b15319faab54c2021-12-21 11:26:11.693root 11241100x8000000000000000528791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1b10ab2ddd7b452021-12-21 11:26:11.693root 11241100x8000000000000000528792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81595b38e39b2042021-12-21 11:26:11.693root 11241100x8000000000000000528793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbae846cc70af6a12021-12-21 11:26:11.693root 11241100x8000000000000000528794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b129e17fdf55241d2021-12-21 11:26:11.694root 11241100x8000000000000000528795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841a00d51b9cd45c2021-12-21 11:26:11.694root 11241100x8000000000000000528796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed8aad3d2f0916e2021-12-21 11:26:11.694root 11241100x8000000000000000528797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903fd9cc7e8e31f52021-12-21 11:26:11.694root 11241100x8000000000000000528798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3eb528157dd4f52021-12-21 11:26:11.694root 354300x8000000000000000528799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.056{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48534-false10.0.1.12-8000- 11241100x8000000000000000528800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c051f7a85855912021-12-21 11:26:12.057root 11241100x8000000000000000528801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc89440027aa5992021-12-21 11:26:12.057root 11241100x8000000000000000528802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265a10284283fe032021-12-21 11:26:12.057root 11241100x8000000000000000528803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367e33c37fd45e342021-12-21 11:26:12.057root 11241100x8000000000000000528804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06c447af8a859b72021-12-21 11:26:12.057root 11241100x8000000000000000528805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cee48f9f98704c2021-12-21 11:26:12.057root 11241100x8000000000000000528806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31849cc0cbcd68b12021-12-21 11:26:12.057root 11241100x8000000000000000528807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8c8263a70f47572021-12-21 11:26:12.058root 11241100x8000000000000000528808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298694916d17bd972021-12-21 11:26:12.058root 11241100x8000000000000000528809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc1cc2992f326632021-12-21 11:26:12.058root 11241100x8000000000000000528810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2087ad499034b44d2021-12-21 11:26:12.058root 11241100x8000000000000000528811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cabb43273ae3fc92021-12-21 11:26:12.059root 11241100x8000000000000000528812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c73b748530bf38f2021-12-21 11:26:12.059root 11241100x8000000000000000528813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b5d9608acc75f82021-12-21 11:26:12.059root 11241100x8000000000000000528814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ba4bf5783c7a6a2021-12-21 11:26:12.059root 11241100x8000000000000000528815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f53e4d905589572021-12-21 11:26:12.443root 11241100x8000000000000000528816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f641dbc24b3b132021-12-21 11:26:12.443root 11241100x8000000000000000528817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca1b6c15fb17d6b2021-12-21 11:26:12.443root 11241100x8000000000000000528818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1ff2f4165d76872021-12-21 11:26:12.444root 11241100x8000000000000000528819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d093ee88ebbdace2021-12-21 11:26:12.444root 11241100x8000000000000000528820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311d817ee09c6b32021-12-21 11:26:12.444root 11241100x8000000000000000528821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadc76a0e996bdb22021-12-21 11:26:12.445root 11241100x8000000000000000528822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14f395b101c955e2021-12-21 11:26:12.445root 11241100x8000000000000000528823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b9d267335f47172021-12-21 11:26:12.445root 11241100x8000000000000000528824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bd05a9783ae0e42021-12-21 11:26:12.445root 11241100x8000000000000000528825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda61edaf53318332021-12-21 11:26:12.446root 11241100x8000000000000000528826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2eb5465e0b4a6d2021-12-21 11:26:12.446root 11241100x8000000000000000528827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788233323fb17e632021-12-21 11:26:12.447root 11241100x8000000000000000528828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae37547d21375b42021-12-21 11:26:12.447root 11241100x8000000000000000528829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d69b78d03206e72021-12-21 11:26:12.447root 11241100x8000000000000000528830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec8e9d2c7eec7d82021-12-21 11:26:12.943root 11241100x8000000000000000528831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f016b8112bb15022021-12-21 11:26:12.943root 11241100x8000000000000000528832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f2732c95715d252021-12-21 11:26:12.943root 11241100x8000000000000000528833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae84a1890e32d262021-12-21 11:26:12.943root 11241100x8000000000000000528834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec91d23c1b665fe2021-12-21 11:26:12.943root 11241100x8000000000000000528835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e23377249e341df2021-12-21 11:26:12.944root 11241100x8000000000000000528836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4983342e2027b3e52021-12-21 11:26:12.944root 11241100x8000000000000000528837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06af4d80c9a76402021-12-21 11:26:12.944root 11241100x8000000000000000528838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a68dfe0781f0972021-12-21 11:26:12.944root 11241100x8000000000000000528839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527cebf81adc902f2021-12-21 11:26:12.944root 11241100x8000000000000000528840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad605d1682666c32021-12-21 11:26:12.944root 11241100x8000000000000000528841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b633e73cf1331c252021-12-21 11:26:12.944root 11241100x8000000000000000528842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5658b05312134a812021-12-21 11:26:12.944root 11241100x8000000000000000528843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e336d51a22e3eb752021-12-21 11:26:12.944root 11241100x8000000000000000528844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ade5a65e818b8e2021-12-21 11:26:12.944root 11241100x8000000000000000528845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e665ce2a341848c2021-12-21 11:26:13.443root 11241100x8000000000000000528846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8c9190ff9ecf6a2021-12-21 11:26:13.443root 11241100x8000000000000000528847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5bd5b5cbf2e4f72021-12-21 11:26:13.443root 11241100x8000000000000000528848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7b03920d29ae462021-12-21 11:26:13.443root 11241100x8000000000000000528849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e4bc321a249cda2021-12-21 11:26:13.443root 11241100x8000000000000000528850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a20b0060b4d20f62021-12-21 11:26:13.443root 11241100x8000000000000000528851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f389154359300ad2021-12-21 11:26:13.444root 11241100x8000000000000000528852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540019c266deb2762021-12-21 11:26:13.444root 11241100x8000000000000000528853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338b36e2847828392021-12-21 11:26:13.444root 11241100x8000000000000000528854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35f994b175e921a2021-12-21 11:26:13.444root 11241100x8000000000000000528855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b274b8973790c8dc2021-12-21 11:26:13.444root 11241100x8000000000000000528856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32dd68d2dff28a72021-12-21 11:26:13.444root 11241100x8000000000000000528857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e49567c5732487a2021-12-21 11:26:13.444root 11241100x8000000000000000528858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc480b9a06c183c52021-12-21 11:26:13.444root 11241100x8000000000000000528859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f424fc406dfe82722021-12-21 11:26:13.444root 11241100x8000000000000000528860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bd27e1ca4922d82021-12-21 11:26:13.943root 11241100x8000000000000000528861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b87d4643f9a1f932021-12-21 11:26:13.943root 11241100x8000000000000000528862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a303f29801add2021-12-21 11:26:13.943root 11241100x8000000000000000528863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa81c4231360b33e2021-12-21 11:26:13.943root 11241100x8000000000000000528864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c0e625611f4d792021-12-21 11:26:13.943root 11241100x8000000000000000528865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df41379280ddd55f2021-12-21 11:26:13.943root 11241100x8000000000000000528866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e41afbc87c7f1e82021-12-21 11:26:13.943root 11241100x8000000000000000528867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc6b397fadd46912021-12-21 11:26:13.944root 11241100x8000000000000000528868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebbefeb194ef8cf2021-12-21 11:26:13.944root 11241100x8000000000000000528869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80697578802fa0162021-12-21 11:26:13.944root 11241100x8000000000000000528870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dd00c8757f575d2021-12-21 11:26:13.944root 11241100x8000000000000000528871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e8a4b13de4b0ff2021-12-21 11:26:13.944root 11241100x8000000000000000528872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa5336006052732021-12-21 11:26:13.944root 11241100x8000000000000000528873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b45ee9b56efd1a2021-12-21 11:26:13.944root 11241100x8000000000000000528874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144167955ba2a9692021-12-21 11:26:13.944root 11241100x8000000000000000528875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3cb41dbc7434972021-12-21 11:26:14.443root 11241100x8000000000000000528876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9147701d354d502021-12-21 11:26:14.443root 11241100x8000000000000000528877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80f7c2039c65c5a2021-12-21 11:26:14.443root 11241100x8000000000000000528878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1719f546c68815762021-12-21 11:26:14.443root 11241100x8000000000000000528879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e551adf0bb95c8732021-12-21 11:26:14.443root 11241100x8000000000000000528880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbe02c90149e3ae2021-12-21 11:26:14.443root 11241100x8000000000000000528881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a13beb35fc3022021-12-21 11:26:14.444root 11241100x8000000000000000528882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e89e46111e9f6f2021-12-21 11:26:14.444root 11241100x8000000000000000528883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e61eda9119d07182021-12-21 11:26:14.444root 11241100x8000000000000000528884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b201a76357321882021-12-21 11:26:14.444root 11241100x8000000000000000528885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb32566337766162021-12-21 11:26:14.444root 11241100x8000000000000000528886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561a82b299b8a5362021-12-21 11:26:14.444root 11241100x8000000000000000528887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb20923ee62172b2021-12-21 11:26:14.444root 11241100x8000000000000000528888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632400c9075796e62021-12-21 11:26:14.444root 11241100x8000000000000000528889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071ffbb3e22bfd932021-12-21 11:26:14.444root 154100x8000000000000000528890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.883{ec2b6afe-b9d6-61c1-6894-7c1d0d560000}9864/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000528891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be582aa257a3f1da2021-12-21 11:26:14.885root 11241100x8000000000000000528892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87838a1a1ca1586b2021-12-21 11:26:14.885root 11241100x8000000000000000528893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08423a65686d22c62021-12-21 11:26:14.885root 11241100x8000000000000000528894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6860000e69a027012021-12-21 11:26:14.885root 11241100x8000000000000000528895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae78217d891a3dcc2021-12-21 11:26:14.885root 11241100x8000000000000000528896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab78aea385c6dbe2021-12-21 11:26:14.885root 11241100x8000000000000000528897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4292495f1a137572021-12-21 11:26:14.885root 11241100x8000000000000000528898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92d8cb68e3997c12021-12-21 11:26:14.885root 11241100x8000000000000000528899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.885{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df447647570146cd2021-12-21 11:26:14.885root 11241100x8000000000000000528900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.886{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8488b3d07b57d232021-12-21 11:26:14.886root 11241100x8000000000000000528901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.886{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2869b5e261ea30422021-12-21 11:26:14.886root 11241100x8000000000000000528902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.886{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe5d68a6f6daaff2021-12-21 11:26:14.886root 11241100x8000000000000000528903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.886{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbab20729813ba972021-12-21 11:26:14.886root 11241100x8000000000000000528904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.886{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb07b9bc14c6fcbd2021-12-21 11:26:14.886root 11241100x8000000000000000528905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.886{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35509516b8610072021-12-21 11:26:14.886root 11241100x8000000000000000528906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.886{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a0403f27bb5652021-12-21 11:26:14.886root 534500x8000000000000000528907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:14.896{ec2b6afe-b9d6-61c1-6894-7c1d0d560000}9864/bin/psroot 11241100x8000000000000000528908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544527d9fe6a91072021-12-21 11:26:15.193root 11241100x8000000000000000528909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e203cb813bf8ef02021-12-21 11:26:15.193root 11241100x8000000000000000528910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d30215d4fa9a842021-12-21 11:26:15.193root 11241100x8000000000000000528911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1078219f44f480c02021-12-21 11:26:15.193root 11241100x8000000000000000528912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392627ac633ba8a02021-12-21 11:26:15.193root 11241100x8000000000000000528913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a25a270b52e9cf52021-12-21 11:26:15.193root 11241100x8000000000000000528914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ca71aa242c9b112021-12-21 11:26:15.194root 11241100x8000000000000000528915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1b01be723f52bd2021-12-21 11:26:15.194root 11241100x8000000000000000528916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0203a2654b9182382021-12-21 11:26:15.194root 11241100x8000000000000000528917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42e0a87a35709c82021-12-21 11:26:15.194root 11241100x8000000000000000528918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405c5779b6d55ed82021-12-21 11:26:15.194root 11241100x8000000000000000528919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d37246d5114e1e2021-12-21 11:26:15.194root 11241100x8000000000000000528920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfef8480b80d4a292021-12-21 11:26:15.194root 11241100x8000000000000000528921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae71f5b95f3a3722021-12-21 11:26:15.194root 11241100x8000000000000000528922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ddf1c4e31813372021-12-21 11:26:15.194root 11241100x8000000000000000528923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3754a86b42c260502021-12-21 11:26:15.194root 11241100x8000000000000000528924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f654f793590937bc2021-12-21 11:26:15.194root 11241100x8000000000000000528925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afdb408c780ed222021-12-21 11:26:15.693root 11241100x8000000000000000528926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d5d30eb0c8c09e2021-12-21 11:26:15.693root 11241100x8000000000000000528927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6044daf4ecf667f2021-12-21 11:26:15.693root 11241100x8000000000000000528928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4944bcc968235e3c2021-12-21 11:26:15.693root 11241100x8000000000000000528929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a151a281ed5860f62021-12-21 11:26:15.693root 11241100x8000000000000000528930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861bf883e68cbf272021-12-21 11:26:15.693root 11241100x8000000000000000528931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7d67bebeb747ed2021-12-21 11:26:15.694root 11241100x8000000000000000528932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad04c5d6ed4a63002021-12-21 11:26:15.694root 11241100x8000000000000000528933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5e9a9975f012d52021-12-21 11:26:15.694root 11241100x8000000000000000528934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0243496e2226482021-12-21 11:26:15.694root 11241100x8000000000000000528935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6fdcfc4321b1f42021-12-21 11:26:15.694root 11241100x8000000000000000528936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f0072a99ddf58d2021-12-21 11:26:15.694root 11241100x8000000000000000528937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e599402ecf31e512021-12-21 11:26:15.694root 11241100x8000000000000000528938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b154224d775c8ab2021-12-21 11:26:15.694root 11241100x8000000000000000528939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4506713c24751c62021-12-21 11:26:15.694root 11241100x8000000000000000528940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0df9d2d46d56ce2021-12-21 11:26:15.694root 11241100x8000000000000000528941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dc24f951f58a7b2021-12-21 11:26:15.694root 11241100x8000000000000000528942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00269e3d34ce23b22021-12-21 11:26:16.193root 11241100x8000000000000000528943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259df9ea7595e6672021-12-21 11:26:16.194root 11241100x8000000000000000528944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f392d8957ecdb2021-12-21 11:26:16.194root 11241100x8000000000000000528945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa12e761656f829f2021-12-21 11:26:16.194root 11241100x8000000000000000528946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e33d65bb24b0d212021-12-21 11:26:16.194root 11241100x8000000000000000528947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780b2cf612d9d5362021-12-21 11:26:16.194root 11241100x8000000000000000528948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e0139a6a26c9c22021-12-21 11:26:16.195root 11241100x8000000000000000528949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ee05bd77eede3c2021-12-21 11:26:16.195root 11241100x8000000000000000528950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e789a6be402b162021-12-21 11:26:16.195root 11241100x8000000000000000528951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65495563414c9fd2021-12-21 11:26:16.195root 11241100x8000000000000000528952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f267880a7fdd3c2021-12-21 11:26:16.195root 11241100x8000000000000000528953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ac7172d80efcae2021-12-21 11:26:16.195root 11241100x8000000000000000528954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c63202c7dd17542021-12-21 11:26:16.195root 11241100x8000000000000000528955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e043e3800100f72021-12-21 11:26:16.195root 11241100x8000000000000000528956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b588c24395bc22e52021-12-21 11:26:16.195root 11241100x8000000000000000528957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69cad377a59d1d2021-12-21 11:26:16.195root 11241100x8000000000000000528958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1ea2458909c2262021-12-21 11:26:16.195root 11241100x8000000000000000528959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5a4ef79a0648f02021-12-21 11:26:16.693root 11241100x8000000000000000528960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9aad476ebc02bc72021-12-21 11:26:16.693root 11241100x8000000000000000528961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e665700e8ec6ab32021-12-21 11:26:16.693root 11241100x8000000000000000528962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b09c4148be83ed2021-12-21 11:26:16.693root 11241100x8000000000000000528963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38395dc207dba82021-12-21 11:26:16.693root 11241100x8000000000000000528964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab06e08735606dc12021-12-21 11:26:16.693root 11241100x8000000000000000528965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b967e7658941412021-12-21 11:26:16.693root 11241100x8000000000000000528966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a1bf2ce6f943db2021-12-21 11:26:16.693root 11241100x8000000000000000528967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b342029f3be692021-12-21 11:26:16.693root 11241100x8000000000000000528968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e8bf095475bcb52021-12-21 11:26:16.693root 11241100x8000000000000000528969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7731dc18cf6a262021-12-21 11:26:16.693root 11241100x8000000000000000528970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee9bd8e523245e52021-12-21 11:26:16.693root 11241100x8000000000000000528971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddfe42ac068d27d2021-12-21 11:26:16.694root 11241100x8000000000000000528972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582907aae87b65182021-12-21 11:26:16.694root 11241100x8000000000000000528973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8042bf32e4a3020b2021-12-21 11:26:16.694root 11241100x8000000000000000528974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e9d4cc04c2691a2021-12-21 11:26:16.694root 11241100x8000000000000000528975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828ff40ad4b9af72021-12-21 11:26:16.694root 354300x8000000000000000528976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.068{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48536-false10.0.1.12-8000- 11241100x8000000000000000528977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b1835262e939b72021-12-21 11:26:17.068root 11241100x8000000000000000528978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908128e311122bc62021-12-21 11:26:17.068root 11241100x8000000000000000528979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950f9540ca07c35b2021-12-21 11:26:17.069root 11241100x8000000000000000528980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a256be1ffa8aba0d2021-12-21 11:26:17.069root 11241100x8000000000000000528981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fbf801a6afd3052021-12-21 11:26:17.069root 11241100x8000000000000000528982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0df6990e2acae202021-12-21 11:26:17.069root 11241100x8000000000000000528983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929f99a15c61ef1b2021-12-21 11:26:17.069root 11241100x8000000000000000528984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b842e5bd287b86a72021-12-21 11:26:17.069root 11241100x8000000000000000528985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771990f7429b5ce72021-12-21 11:26:17.069root 11241100x8000000000000000528986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d6a0c6457685ff2021-12-21 11:26:17.069root 11241100x8000000000000000528987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eea3c40eaf683d12021-12-21 11:26:17.069root 11241100x8000000000000000528988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4b90cc669644ea2021-12-21 11:26:17.069root 11241100x8000000000000000528989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f05fc7c27937d512021-12-21 11:26:17.069root 11241100x8000000000000000528990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9570eb7574d43d852021-12-21 11:26:17.070root 11241100x8000000000000000528991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2318d4f0429fa1292021-12-21 11:26:17.070root 11241100x8000000000000000528992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e3abe497b7b3be2021-12-21 11:26:17.070root 11241100x8000000000000000528993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f761f9a1dc778f82021-12-21 11:26:17.070root 11241100x8000000000000000528994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d568a88d34d6122021-12-21 11:26:17.070root 11241100x8000000000000000528995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efd760f46127a142021-12-21 11:26:17.442root 11241100x8000000000000000528996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada976f8c84f6e6e2021-12-21 11:26:17.443root 11241100x8000000000000000528997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30a48d3773e43642021-12-21 11:26:17.443root 11241100x8000000000000000528998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae33615ddf5306e2021-12-21 11:26:17.443root 11241100x8000000000000000528999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279ded5610b07d2a2021-12-21 11:26:17.443root 11241100x8000000000000000529000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5411ccb9cdcf8c882021-12-21 11:26:17.443root 11241100x8000000000000000529001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aab839a74389a22021-12-21 11:26:17.444root 11241100x8000000000000000529002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a39b6ad9432397c2021-12-21 11:26:17.444root 11241100x8000000000000000529003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a03bf0924154f12021-12-21 11:26:17.444root 11241100x8000000000000000529004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9cc38c25d99da02021-12-21 11:26:17.444root 11241100x8000000000000000529005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6a6d149c13c6342021-12-21 11:26:17.444root 11241100x8000000000000000529006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baae36b9bb30cf322021-12-21 11:26:17.444root 11241100x8000000000000000529007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f0031614654a732021-12-21 11:26:17.445root 11241100x8000000000000000529008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ecc053c1ac77752021-12-21 11:26:17.445root 11241100x8000000000000000529009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fcc8297cb68fcd2021-12-21 11:26:17.445root 11241100x8000000000000000529010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4d7557a8e18c182021-12-21 11:26:17.445root 11241100x8000000000000000529011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ce8377c881bcd82021-12-21 11:26:17.445root 11241100x8000000000000000529012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e415f2b3205974a2021-12-21 11:26:17.446root 11241100x8000000000000000529013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ad4b42436f2c272021-12-21 11:26:17.446root 11241100x8000000000000000529014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783b19dc145c16a72021-12-21 11:26:17.446root 11241100x8000000000000000529015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe40961526393c5f2021-12-21 11:26:17.943root 11241100x8000000000000000529016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0981d8ff436d6f2021-12-21 11:26:17.943root 11241100x8000000000000000529017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d078f7497984e0e2021-12-21 11:26:17.943root 11241100x8000000000000000529018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393d78725d5fbdde2021-12-21 11:26:17.943root 11241100x8000000000000000529019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7321fec20927532021-12-21 11:26:17.944root 11241100x8000000000000000529020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824cbe4608a14bbb2021-12-21 11:26:17.944root 11241100x8000000000000000529021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a62b2184b6b2702021-12-21 11:26:17.944root 11241100x8000000000000000529022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701ada93f9a7e61c2021-12-21 11:26:17.945root 11241100x8000000000000000529023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd7963c8ecdff272021-12-21 11:26:17.945root 11241100x8000000000000000529024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a634305669c9a712021-12-21 11:26:17.945root 11241100x8000000000000000529025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb33a39cb67bf0362021-12-21 11:26:17.945root 11241100x8000000000000000529026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df139ad568b338da2021-12-21 11:26:17.945root 11241100x8000000000000000529027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcd913f4d3ba4f02021-12-21 11:26:17.945root 11241100x8000000000000000529028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b534f05072f1d72021-12-21 11:26:17.945root 11241100x8000000000000000529029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472b1a9a3da0f7682021-12-21 11:26:17.945root 11241100x8000000000000000529030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9222809ab6fd89392021-12-21 11:26:17.945root 11241100x8000000000000000529031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d7653b101281c22021-12-21 11:26:17.945root 11241100x8000000000000000529032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0f4a24d62892fd2021-12-21 11:26:17.945root 11241100x8000000000000000529033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ee984d87b369092021-12-21 11:26:17.946root 11241100x8000000000000000529034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b0e1e69a8c43a82021-12-21 11:26:17.946root 11241100x8000000000000000529035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf0766419adc3042021-12-21 11:26:17.946root 11241100x8000000000000000529036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d139e5197fb3bd2021-12-21 11:26:17.946root 11241100x8000000000000000529037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807a5ace390b68752021-12-21 11:26:17.946root 11241100x8000000000000000529038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a99713443960cd42021-12-21 11:26:17.947root 11241100x8000000000000000529039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20263a0d141e6c32021-12-21 11:26:17.947root 11241100x8000000000000000529040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c068925a9aec8ca32021-12-21 11:26:17.947root 11241100x8000000000000000529041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6c0199bc2e50282021-12-21 11:26:18.443root 11241100x8000000000000000529042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6e1b0058e049522021-12-21 11:26:18.443root 11241100x8000000000000000529043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90d368f4d1c15ca2021-12-21 11:26:18.443root 11241100x8000000000000000529044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792de129b6998a072021-12-21 11:26:18.443root 11241100x8000000000000000529045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e5ff704f615192021-12-21 11:26:18.444root 11241100x8000000000000000529046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ddbc9d02c0567f2021-12-21 11:26:18.444root 11241100x8000000000000000529047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159259085e6445552021-12-21 11:26:18.444root 11241100x8000000000000000529048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e9ac147e2279ca2021-12-21 11:26:18.444root 11241100x8000000000000000529049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da4681140b4de6f2021-12-21 11:26:18.444root 11241100x8000000000000000529050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989f1c678b90c2122021-12-21 11:26:18.444root 11241100x8000000000000000529051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a098be103dc15d652021-12-21 11:26:18.444root 11241100x8000000000000000529052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d368668237239982021-12-21 11:26:18.444root 11241100x8000000000000000529053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b70d3246872abc2021-12-21 11:26:18.444root 11241100x8000000000000000529054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651872384beab0662021-12-21 11:26:18.444root 11241100x8000000000000000529055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b606633725dafdfa2021-12-21 11:26:18.444root 11241100x8000000000000000529056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafd15286356ea072021-12-21 11:26:18.444root 11241100x8000000000000000529057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fb10c04fefe16d2021-12-21 11:26:18.444root 11241100x8000000000000000529058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1245a598a35fba82021-12-21 11:26:18.444root 11241100x8000000000000000529059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b70b6e5ef2c8e522021-12-21 11:26:18.943root 11241100x8000000000000000529060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f97ab8b39ea0582021-12-21 11:26:18.943root 11241100x8000000000000000529061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d168be4d3c1ce39b2021-12-21 11:26:18.943root 11241100x8000000000000000529062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2177b1dfa1df606e2021-12-21 11:26:18.943root 11241100x8000000000000000529063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b975c78781c77a22021-12-21 11:26:18.944root 11241100x8000000000000000529064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2df2c6fc07f7cc32021-12-21 11:26:18.944root 11241100x8000000000000000529065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1578a2a6412cd21d2021-12-21 11:26:18.944root 11241100x8000000000000000529066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b46274ee564422021-12-21 11:26:18.944root 11241100x8000000000000000529067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1539f47e749152b52021-12-21 11:26:18.944root 11241100x8000000000000000529068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5957bb37f42becd22021-12-21 11:26:18.944root 11241100x8000000000000000529069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbd6431aea8da552021-12-21 11:26:18.944root 11241100x8000000000000000529070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f76871495f04e02021-12-21 11:26:18.944root 11241100x8000000000000000529071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666facffc0b384142021-12-21 11:26:18.944root 11241100x8000000000000000529072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3e43306063a9862021-12-21 11:26:18.944root 11241100x8000000000000000529073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da58be37a784c6e2021-12-21 11:26:18.944root 11241100x8000000000000000529074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76b30cd3b2e7e6d2021-12-21 11:26:18.944root 11241100x8000000000000000529075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c3317670457b8d2021-12-21 11:26:18.944root 11241100x8000000000000000529076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c9c0a306757df32021-12-21 11:26:18.944root 11241100x8000000000000000529077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28690ef09922eced2021-12-21 11:26:19.443root 11241100x8000000000000000529078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c8b103776440ec2021-12-21 11:26:19.443root 11241100x8000000000000000529079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498a743d83b7dd7f2021-12-21 11:26:19.443root 11241100x8000000000000000529080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d571973ea42892021-12-21 11:26:19.443root 11241100x8000000000000000529081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eacb7754a68258e2021-12-21 11:26:19.443root 11241100x8000000000000000529082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4ea830bc0647d02021-12-21 11:26:19.444root 11241100x8000000000000000529083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d2c7b271a0ae102021-12-21 11:26:19.444root 11241100x8000000000000000529084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80d4db2543cace52021-12-21 11:26:19.444root 11241100x8000000000000000529085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e56eb53cbfc132021-12-21 11:26:19.444root 11241100x8000000000000000529086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0415fbe7753df292021-12-21 11:26:19.444root 11241100x8000000000000000529087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0509539751fd85002021-12-21 11:26:19.444root 11241100x8000000000000000529088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeb217cda760d2e2021-12-21 11:26:19.444root 11241100x8000000000000000529089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea312425de051762021-12-21 11:26:19.444root 11241100x8000000000000000529090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69babd924131a1b2021-12-21 11:26:19.444root 11241100x8000000000000000529091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8930c17e6c38d6712021-12-21 11:26:19.444root 11241100x8000000000000000529092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d62c28a18be64472021-12-21 11:26:19.445root 11241100x8000000000000000529093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa00dce5575056f2021-12-21 11:26:19.445root 11241100x8000000000000000529094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970820566369c4f02021-12-21 11:26:19.445root 11241100x8000000000000000529095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d98e3f586a3c4c42021-12-21 11:26:19.445root 11241100x8000000000000000529096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8062ea78ae65eb212021-12-21 11:26:19.445root 11241100x8000000000000000529097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c89068e4b1e05772021-12-21 11:26:19.445root 11241100x8000000000000000529098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09557362cf7bee862021-12-21 11:26:19.445root 11241100x8000000000000000529099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307c13e38c0401372021-12-21 11:26:19.445root 11241100x8000000000000000529100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812d9959a79c676b2021-12-21 11:26:19.445root 11241100x8000000000000000529101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677ee1960c0eea122021-12-21 11:26:19.445root 11241100x8000000000000000529102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fe3b77b6518cfa2021-12-21 11:26:19.446root 11241100x8000000000000000529103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e665e0ede3e6902021-12-21 11:26:19.446root 11241100x8000000000000000529104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230d4a4a18d6df412021-12-21 11:26:19.446root 11241100x8000000000000000529105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f0889802eb80082021-12-21 11:26:19.446root 11241100x8000000000000000529106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c356fe19952586da2021-12-21 11:26:19.446root 11241100x8000000000000000529107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39702f17b881475f2021-12-21 11:26:19.446root 11241100x8000000000000000529108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624c28927b7815ed2021-12-21 11:26:19.446root 11241100x8000000000000000529109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8648b23c2018b5e22021-12-21 11:26:19.446root 11241100x8000000000000000529110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5baf25e2ef16a52021-12-21 11:26:19.943root 11241100x8000000000000000529111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebae06558ba1ebd82021-12-21 11:26:19.943root 11241100x8000000000000000529112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ce736a5ec64aa62021-12-21 11:26:19.943root 11241100x8000000000000000529113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f4ed6f7e8960862021-12-21 11:26:19.943root 11241100x8000000000000000529114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1bbb9ef83426182021-12-21 11:26:19.943root 11241100x8000000000000000529115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0812eea602ea4072021-12-21 11:26:19.943root 11241100x8000000000000000529116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c3cd2d39bd488f2021-12-21 11:26:19.943root 11241100x8000000000000000529117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dc05012e9a6d9d2021-12-21 11:26:19.943root 11241100x8000000000000000529118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b149270836b3f72021-12-21 11:26:19.944root 11241100x8000000000000000529119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04356c76db328a7c2021-12-21 11:26:19.944root 11241100x8000000000000000529120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57150afdd57c24a22021-12-21 11:26:19.944root 11241100x8000000000000000529121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0471c3a2c7697e42021-12-21 11:26:19.944root 11241100x8000000000000000529122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4e3e73e68a72f72021-12-21 11:26:19.944root 11241100x8000000000000000529123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d8394499e1501e2021-12-21 11:26:19.944root 11241100x8000000000000000529124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b138a29ab4fa3dbd2021-12-21 11:26:19.944root 11241100x8000000000000000529125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65a4bdde645c4122021-12-21 11:26:19.944root 11241100x8000000000000000529126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e67cfc5582c5e8f2021-12-21 11:26:19.944root 11241100x8000000000000000529127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b3f79c1e6713a82021-12-21 11:26:19.944root 11241100x8000000000000000529128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b25e29350a3283f2021-12-21 11:26:20.443root 11241100x8000000000000000529129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc352d4086273e82021-12-21 11:26:20.443root 11241100x8000000000000000529130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f222a70ca5fc142021-12-21 11:26:20.443root 11241100x8000000000000000529131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7775bd9143cbf32021-12-21 11:26:20.443root 11241100x8000000000000000529132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df01a78c1e78a4e2021-12-21 11:26:20.443root 11241100x8000000000000000529133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8658da45eea603552021-12-21 11:26:20.444root 11241100x8000000000000000529134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ce4c54d41021b02021-12-21 11:26:20.444root 11241100x8000000000000000529135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeada33c00b02e42021-12-21 11:26:20.444root 11241100x8000000000000000529136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa04152397de36b2021-12-21 11:26:20.444root 11241100x8000000000000000529137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cfce5de1ab48912021-12-21 11:26:20.444root 11241100x8000000000000000529138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcb176f9ef081132021-12-21 11:26:20.444root 11241100x8000000000000000529139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b1bbdadcdfc0b32021-12-21 11:26:20.444root 11241100x8000000000000000529140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6f293ed9a047912021-12-21 11:26:20.444root 11241100x8000000000000000529141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deca276ddcf0c98e2021-12-21 11:26:20.444root 11241100x8000000000000000529142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fda3762bedc3382021-12-21 11:26:20.444root 11241100x8000000000000000529143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4378f298a743b1e22021-12-21 11:26:20.444root 11241100x8000000000000000529144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc0b1083a2eaa232021-12-21 11:26:20.444root 11241100x8000000000000000529145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54074477696e57ec2021-12-21 11:26:20.444root 11241100x8000000000000000529146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7f34227773b09c2021-12-21 11:26:20.943root 11241100x8000000000000000529147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d2bb837bc8cac62021-12-21 11:26:20.943root 11241100x8000000000000000529148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26b59dfecf68f302021-12-21 11:26:20.943root 11241100x8000000000000000529149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10910902d3e6e7862021-12-21 11:26:20.943root 11241100x8000000000000000529150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f9278c0ea553832021-12-21 11:26:20.944root 11241100x8000000000000000529151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04b6719677f39452021-12-21 11:26:20.944root 11241100x8000000000000000529152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da17de0ca56f531b2021-12-21 11:26:20.944root 11241100x8000000000000000529153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9930d355ecdc06782021-12-21 11:26:20.944root 11241100x8000000000000000529154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aebdc412dbf321a2021-12-21 11:26:20.944root 11241100x8000000000000000529155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c34caf0bf0f502021-12-21 11:26:20.944root 11241100x8000000000000000529156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3117c5463f265e822021-12-21 11:26:20.944root 11241100x8000000000000000529157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c66f57aa79dff22021-12-21 11:26:20.944root 11241100x8000000000000000529158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87779ccbef8eb132021-12-21 11:26:20.944root 11241100x8000000000000000529159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4bd81804edfe2d2021-12-21 11:26:20.944root 11241100x8000000000000000529160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b475a2cc3fc5d0f62021-12-21 11:26:20.945root 11241100x8000000000000000529161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3cff86b5bd7ad02021-12-21 11:26:20.945root 11241100x8000000000000000529162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee1ab7797e25d762021-12-21 11:26:20.945root 11241100x8000000000000000529163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7ca1b0876e88592021-12-21 11:26:20.945root 11241100x8000000000000000529164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644fbf403685e66f2021-12-21 11:26:21.443root 11241100x8000000000000000529165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb0418ffaa87d382021-12-21 11:26:21.443root 11241100x8000000000000000529166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b58efe62954df812021-12-21 11:26:21.443root 11241100x8000000000000000529167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad947aa8adfea7462021-12-21 11:26:21.443root 11241100x8000000000000000529168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f8723062b4f1772021-12-21 11:26:21.444root 11241100x8000000000000000529169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb0abf0f711aed72021-12-21 11:26:21.444root 11241100x8000000000000000529170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c21f5594dd4c832021-12-21 11:26:21.444root 11241100x8000000000000000529171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860623db37d43b0d2021-12-21 11:26:21.444root 11241100x8000000000000000529172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a48b7774f1482f22021-12-21 11:26:21.444root 11241100x8000000000000000529173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1617833e636e619f2021-12-21 11:26:21.444root 11241100x8000000000000000529174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e893493831e4eb32021-12-21 11:26:21.444root 11241100x8000000000000000529175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb0b0e2400a89c2021-12-21 11:26:21.444root 11241100x8000000000000000529176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df91afbbe6150492021-12-21 11:26:21.444root 11241100x8000000000000000529177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ef222acda500682021-12-21 11:26:21.444root 11241100x8000000000000000529178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963c9af5c1478f142021-12-21 11:26:21.445root 11241100x8000000000000000529179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b18de2bf7b5cb672021-12-21 11:26:21.445root 11241100x8000000000000000529180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bb54ba9777f1412021-12-21 11:26:21.445root 11241100x8000000000000000529181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b094e5374ab2d7fa2021-12-21 11:26:21.445root 11241100x8000000000000000529182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922bde47cc1ed8742021-12-21 11:26:21.943root 11241100x8000000000000000529183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ad96aaffb8d0b12021-12-21 11:26:21.943root 11241100x8000000000000000529184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b88383aba1d892021-12-21 11:26:21.943root 11241100x8000000000000000529185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80099f2262a3e2882021-12-21 11:26:21.943root 11241100x8000000000000000529186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4084e76ba145592021-12-21 11:26:21.943root 11241100x8000000000000000529187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bc08fbc70163f82021-12-21 11:26:21.944root 11241100x8000000000000000529188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de07367d1dd67dfe2021-12-21 11:26:21.944root 11241100x8000000000000000529189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba00e8ef21aa4acf2021-12-21 11:26:21.944root 11241100x8000000000000000529190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e55e371989221a2021-12-21 11:26:21.944root 11241100x8000000000000000529191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b0d364ebfbb3112021-12-21 11:26:21.944root 11241100x8000000000000000529192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3788649027fb60872021-12-21 11:26:21.944root 11241100x8000000000000000529193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28e902b7751ff3f2021-12-21 11:26:21.944root 11241100x8000000000000000529194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b0ae12fc568c162021-12-21 11:26:21.944root 11241100x8000000000000000529195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f879e3a5b542f22021-12-21 11:26:21.944root 11241100x8000000000000000529196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb520adb310bf4a92021-12-21 11:26:21.944root 11241100x8000000000000000529197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf7da1d9cded58f2021-12-21 11:26:21.944root 11241100x8000000000000000529198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde7d196532d41d42021-12-21 11:26:21.945root 11241100x8000000000000000529199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcc8d93c3a4d77d2021-12-21 11:26:21.945root 354300x8000000000000000529200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.222{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48538-false10.0.1.12-8000- 11241100x8000000000000000529201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c55f5e4a3ba6292021-12-21 11:26:22.222root 11241100x8000000000000000529202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42a4229bc4efe222021-12-21 11:26:22.223root 11241100x8000000000000000529203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a761d77a6efdf6cc2021-12-21 11:26:22.223root 11241100x8000000000000000529204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de678011d6a37b982021-12-21 11:26:22.223root 11241100x8000000000000000529205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd05b89535bcd13e2021-12-21 11:26:22.223root 11241100x8000000000000000529206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22413c0a0e3c9782021-12-21 11:26:22.224root 11241100x8000000000000000529207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc8c149351ade672021-12-21 11:26:22.224root 11241100x8000000000000000529208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce6608d6a4515a62021-12-21 11:26:22.224root 11241100x8000000000000000529209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b653ae459121f162021-12-21 11:26:22.224root 11241100x8000000000000000529210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813d33bf3dfa573d2021-12-21 11:26:22.224root 11241100x8000000000000000529211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17a06e809fb6eb72021-12-21 11:26:22.224root 11241100x8000000000000000529212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6d273bc22dd4002021-12-21 11:26:22.224root 11241100x8000000000000000529213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3cff5ffc7c50982021-12-21 11:26:22.224root 11241100x8000000000000000529214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228b13db116952162021-12-21 11:26:22.224root 11241100x8000000000000000529215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569b9b9801faaf222021-12-21 11:26:22.224root 11241100x8000000000000000529216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebdcd6a0edcb1502021-12-21 11:26:22.225root 11241100x8000000000000000529217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b71f2817b852e502021-12-21 11:26:22.225root 11241100x8000000000000000529218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b59e01d90eae9b2021-12-21 11:26:22.225root 11241100x8000000000000000529219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2737265cf3bcf46b2021-12-21 11:26:22.225root 11241100x8000000000000000529220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f554768d16b28f322021-12-21 11:26:22.225root 11241100x8000000000000000529221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b716c95b58653f2021-12-21 11:26:22.225root 11241100x8000000000000000529222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681f5cc3c5888ae22021-12-21 11:26:22.693root 11241100x8000000000000000529223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c33faeefee369dc2021-12-21 11:26:22.693root 11241100x8000000000000000529224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f5fafc54b477942021-12-21 11:26:22.693root 11241100x8000000000000000529225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26d60457d26e1c82021-12-21 11:26:22.693root 11241100x8000000000000000529226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f87cd95844d05e52021-12-21 11:26:22.693root 11241100x8000000000000000529227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eaa9bd351537bc2021-12-21 11:26:22.693root 11241100x8000000000000000529228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92146756a23131b42021-12-21 11:26:22.693root 11241100x8000000000000000529229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4b4e9a1de50b9e2021-12-21 11:26:22.693root 11241100x8000000000000000529230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9aa41710a508e82021-12-21 11:26:22.693root 11241100x8000000000000000529231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609367c26d7557d62021-12-21 11:26:22.693root 11241100x8000000000000000529232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a57c2207a2421b2021-12-21 11:26:22.694root 11241100x8000000000000000529233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a430aece2639b96b2021-12-21 11:26:22.694root 11241100x8000000000000000529234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdae98c73baa1f82021-12-21 11:26:22.694root 11241100x8000000000000000529235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d450983a0146592021-12-21 11:26:22.694root 11241100x8000000000000000529236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d39f0135f003e7a2021-12-21 11:26:22.694root 11241100x8000000000000000529237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86c1f6fa3b9eda52021-12-21 11:26:22.694root 11241100x8000000000000000529238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611c9426134d849b2021-12-21 11:26:22.694root 11241100x8000000000000000529239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8118941a114ebe052021-12-21 11:26:22.694root 11241100x8000000000000000529240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718decaad83179502021-12-21 11:26:22.695root 11241100x8000000000000000529241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd5efa8234dabd02021-12-21 11:26:23.193root 11241100x8000000000000000529242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeb73204a4900a42021-12-21 11:26:23.193root 11241100x8000000000000000529243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ecf3d891cd76812021-12-21 11:26:23.193root 11241100x8000000000000000529244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ba0498f2da11842021-12-21 11:26:23.193root 11241100x8000000000000000529245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556052cf076f86592021-12-21 11:26:23.193root 11241100x8000000000000000529246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988670a7db4f6d412021-12-21 11:26:23.194root 11241100x8000000000000000529247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726a7c7c9f4ed9562021-12-21 11:26:23.194root 11241100x8000000000000000529248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e904f24cd6e485042021-12-21 11:26:23.194root 11241100x8000000000000000529249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b8aded53199cf42021-12-21 11:26:23.194root 11241100x8000000000000000529250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34d6aec35a777e12021-12-21 11:26:23.194root 11241100x8000000000000000529251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0319aa88bf713bc52021-12-21 11:26:23.194root 11241100x8000000000000000529252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3be3e7b529c6912021-12-21 11:26:23.194root 11241100x8000000000000000529253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7f5bbcd8128e522021-12-21 11:26:23.194root 11241100x8000000000000000529254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecdb07818baa0c82021-12-21 11:26:23.194root 11241100x8000000000000000529255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d3e37563e1198c2021-12-21 11:26:23.194root 11241100x8000000000000000529256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188f28f143e259562021-12-21 11:26:23.194root 11241100x8000000000000000529257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0cbcb6ebfba0962021-12-21 11:26:23.194root 11241100x8000000000000000529258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2276da6831faa992021-12-21 11:26:23.194root 11241100x8000000000000000529259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b07a0286c3ca932021-12-21 11:26:23.194root 11241100x8000000000000000529260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925b9259c87c9c202021-12-21 11:26:23.693root 11241100x8000000000000000529261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084f3d6678c208362021-12-21 11:26:23.693root 11241100x8000000000000000529262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a017da2c4eac6eae2021-12-21 11:26:23.693root 11241100x8000000000000000529263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f15c32b75eb68012021-12-21 11:26:23.694root 11241100x8000000000000000529264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00cee1800002a052021-12-21 11:26:23.694root 11241100x8000000000000000529265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd5acea72f2c4582021-12-21 11:26:23.694root 11241100x8000000000000000529266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30929ad8a152bc6b2021-12-21 11:26:23.694root 11241100x8000000000000000529267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5675f229dc95f852021-12-21 11:26:23.694root 11241100x8000000000000000529268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171c07e576c6fe412021-12-21 11:26:23.695root 11241100x8000000000000000529269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ccc377967518f72021-12-21 11:26:23.695root 11241100x8000000000000000529270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0a3e0e659b0b522021-12-21 11:26:23.695root 11241100x8000000000000000529271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bf1df93816b3f42021-12-21 11:26:23.695root 11241100x8000000000000000529272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5616ba13e09ded342021-12-21 11:26:23.695root 11241100x8000000000000000529273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87223d718a208b02021-12-21 11:26:23.695root 11241100x8000000000000000529274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeef27b84285beb72021-12-21 11:26:23.696root 11241100x8000000000000000529275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2471b24be3f875a2021-12-21 11:26:23.696root 11241100x8000000000000000529276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf96459b2761e132021-12-21 11:26:23.696root 11241100x8000000000000000529277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e8e64f88bd66862021-12-21 11:26:23.696root 11241100x8000000000000000529278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f43dc342f155c32021-12-21 11:26:23.696root 11241100x8000000000000000529279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec3378976efb4e52021-12-21 11:26:24.193root 11241100x8000000000000000529280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc46d6323961cbb2021-12-21 11:26:24.193root 11241100x8000000000000000529281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d9f76be91ea19f2021-12-21 11:26:24.194root 11241100x8000000000000000529282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53c8d97a9573b122021-12-21 11:26:24.194root 11241100x8000000000000000529283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb48c8d41275d9ed2021-12-21 11:26:24.194root 11241100x8000000000000000529284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f8355046e7edff2021-12-21 11:26:24.194root 11241100x8000000000000000529285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de947084ada9a692021-12-21 11:26:24.194root 11241100x8000000000000000529286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c968e80e8019132021-12-21 11:26:24.195root 11241100x8000000000000000529287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af50f0a32587efbf2021-12-21 11:26:24.195root 11241100x8000000000000000529288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d0712ac279d87e2021-12-21 11:26:24.195root 11241100x8000000000000000529289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3dfb1d25dd969d2021-12-21 11:26:24.195root 11241100x8000000000000000529290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e628a99579de322021-12-21 11:26:24.195root 11241100x8000000000000000529291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dae10d4107ff1f2021-12-21 11:26:24.196root 11241100x8000000000000000529292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8382a529be3244882021-12-21 11:26:24.196root 11241100x8000000000000000529293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f31882c49f4b1d2021-12-21 11:26:24.196root 11241100x8000000000000000529294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c17977419771be82021-12-21 11:26:24.196root 11241100x8000000000000000529295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3e10fc63f3890d2021-12-21 11:26:24.196root 11241100x8000000000000000529296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aa82cf1fd8b6482021-12-21 11:26:24.196root 11241100x8000000000000000529297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f3eddb72f46bda2021-12-21 11:26:24.196root 11241100x8000000000000000529298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade5215c3ee2c8e92021-12-21 11:26:24.693root 11241100x8000000000000000529299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64242b69aac4c822021-12-21 11:26:24.693root 11241100x8000000000000000529300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604d2c5e71edc87e2021-12-21 11:26:24.693root 11241100x8000000000000000529301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040305d1f03056f52021-12-21 11:26:24.693root 11241100x8000000000000000529302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e5735a5f5e79322021-12-21 11:26:24.694root 11241100x8000000000000000529303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f01bfa480292d42021-12-21 11:26:24.694root 11241100x8000000000000000529304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eab573e7e9b16a2021-12-21 11:26:24.694root 11241100x8000000000000000529305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644880be6c2e67af2021-12-21 11:26:24.694root 11241100x8000000000000000529306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc5fd9d51c6b382021-12-21 11:26:24.694root 11241100x8000000000000000529307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6200d475220f332021-12-21 11:26:24.694root 11241100x8000000000000000529308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb6d1ab7c9962fb2021-12-21 11:26:24.694root 11241100x8000000000000000529309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cde1c41d66aadea2021-12-21 11:26:24.694root 11241100x8000000000000000529310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8b8d86fec8590a2021-12-21 11:26:24.694root 11241100x8000000000000000529311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca69e85fcf8fd2dc2021-12-21 11:26:24.694root 11241100x8000000000000000529312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d8a4826e9d80452021-12-21 11:26:24.694root 11241100x8000000000000000529313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4627dff062e9a6502021-12-21 11:26:24.694root 11241100x8000000000000000529314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d68cb0243529972021-12-21 11:26:24.694root 11241100x8000000000000000529315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa225da5c6128192021-12-21 11:26:24.694root 11241100x8000000000000000529316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ee00e6d1fa1d7e2021-12-21 11:26:24.694root 11241100x8000000000000000529317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377dd3eb36d896422021-12-21 11:26:25.193root 11241100x8000000000000000529318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b424ccad73c55e2021-12-21 11:26:25.193root 11241100x8000000000000000529319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16169b5ed29f0542021-12-21 11:26:25.193root 11241100x8000000000000000529320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b928bb754cf1772021-12-21 11:26:25.193root 11241100x8000000000000000529321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f89e1d4356f3c32021-12-21 11:26:25.194root 11241100x8000000000000000529322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbd74f616c08b2f2021-12-21 11:26:25.194root 11241100x8000000000000000529323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cf509e3a9719752021-12-21 11:26:25.194root 11241100x8000000000000000529324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac992819f7d3c8482021-12-21 11:26:25.194root 11241100x8000000000000000529325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d9c3a2f98fc6d2021-12-21 11:26:25.194root 11241100x8000000000000000529326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf8eb87d5cd44942021-12-21 11:26:25.194root 11241100x8000000000000000529327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187f6955a90e09582021-12-21 11:26:25.194root 11241100x8000000000000000529328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7de5f73c1a32b52021-12-21 11:26:25.194root 11241100x8000000000000000529329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3253230989e8103b2021-12-21 11:26:25.194root 11241100x8000000000000000529330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584f999c35f2093f2021-12-21 11:26:25.194root 11241100x8000000000000000529331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444c2e1f580692552021-12-21 11:26:25.194root 11241100x8000000000000000529332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c1fd4743c34692021-12-21 11:26:25.194root 11241100x8000000000000000529333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32db79caee893bf2021-12-21 11:26:25.194root 11241100x8000000000000000529334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61298cdb7964a3f92021-12-21 11:26:25.194root 11241100x8000000000000000529335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7215d2f02a11c5a02021-12-21 11:26:25.194root 354300x8000000000000000529336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.454{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35604-false10.0.1.12-8089- 11241100x8000000000000000529337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd10e633211351ed2021-12-21 11:26:25.454root 11241100x8000000000000000529338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c54ead123395e22021-12-21 11:26:25.454root 11241100x8000000000000000529339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf6e1289599ba6e2021-12-21 11:26:25.454root 11241100x8000000000000000529340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688d7de8c5f706f02021-12-21 11:26:25.454root 11241100x8000000000000000529341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6ac2f67648a8d82021-12-21 11:26:25.455root 11241100x8000000000000000529342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe17b356f1a9a692021-12-21 11:26:25.455root 11241100x8000000000000000529343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca261b7ae28392492021-12-21 11:26:25.455root 11241100x8000000000000000529344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3a6f2e1ba07b9c2021-12-21 11:26:25.455root 11241100x8000000000000000529345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c3bfdc0449c20d2021-12-21 11:26:25.455root 11241100x8000000000000000529346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34be7bfcd76db07d2021-12-21 11:26:25.455root 11241100x8000000000000000529347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8aeb64c6811e94d2021-12-21 11:26:25.455root 11241100x8000000000000000529348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08b6dd117d0941f2021-12-21 11:26:25.455root 11241100x8000000000000000529349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68691e55da3c6622021-12-21 11:26:25.455root 11241100x8000000000000000529350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9e097421913dee2021-12-21 11:26:25.455root 11241100x8000000000000000529351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676394f1cc99e9de2021-12-21 11:26:25.455root 11241100x8000000000000000529352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a636e00c017632d2021-12-21 11:26:25.455root 11241100x8000000000000000529353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c5f51674788e672021-12-21 11:26:25.455root 11241100x8000000000000000529354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622112c203b7dba72021-12-21 11:26:25.455root 11241100x8000000000000000529355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a695d9750e81b9282021-12-21 11:26:25.456root 11241100x8000000000000000529356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef08044802318f62021-12-21 11:26:25.456root 11241100x8000000000000000529357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfcf4f364c7aba82021-12-21 11:26:25.456root 11241100x8000000000000000529358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e885329aad5c462021-12-21 11:26:25.456root 11241100x8000000000000000529359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedd341c6e2ec8182021-12-21 11:26:25.456root 11241100x8000000000000000529360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82294ef66879b0a32021-12-21 11:26:25.943root 11241100x8000000000000000529361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c148814b6af9612021-12-21 11:26:25.943root 11241100x8000000000000000529362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd8baa77d4ccd9a2021-12-21 11:26:25.944root 11241100x8000000000000000529363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a772b16fb51d45732021-12-21 11:26:25.944root 11241100x8000000000000000529364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab480fcc70ea4dae2021-12-21 11:26:25.944root 11241100x8000000000000000529365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99567a96abb13f112021-12-21 11:26:25.944root 11241100x8000000000000000529366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880ccde9e585f6c22021-12-21 11:26:25.944root 11241100x8000000000000000529367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4bafe8f8b11c692021-12-21 11:26:25.944root 11241100x8000000000000000529368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077de5b9106384a02021-12-21 11:26:25.945root 11241100x8000000000000000529369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4098e1653352da72021-12-21 11:26:25.945root 11241100x8000000000000000529370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f65ad0c6bb7fd62021-12-21 11:26:25.945root 11241100x8000000000000000529371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e445369927ec2b2021-12-21 11:26:25.945root 11241100x8000000000000000529372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eff12af965385002021-12-21 11:26:25.945root 11241100x8000000000000000529373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc3e387d27159352021-12-21 11:26:25.945root 11241100x8000000000000000529374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d393c01d2bd62032021-12-21 11:26:25.945root 11241100x8000000000000000529375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59b4bcb06b0e0b72021-12-21 11:26:25.946root 11241100x8000000000000000529376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56feb926b2a69c802021-12-21 11:26:25.946root 11241100x8000000000000000529377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2accca3d1a0a3bc82021-12-21 11:26:25.946root 11241100x8000000000000000529378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7698d1d86f67502021-12-21 11:26:25.946root 11241100x8000000000000000529379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0aee071d5379722021-12-21 11:26:25.946root 11241100x8000000000000000529380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122e4d521abf99882021-12-21 11:26:26.443root 11241100x8000000000000000529381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5e578be2c62e9e2021-12-21 11:26:26.443root 11241100x8000000000000000529382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c1f9e0eaf1eb982021-12-21 11:26:26.443root 11241100x8000000000000000529383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae74a45b3ad0c562021-12-21 11:26:26.443root 11241100x8000000000000000529384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738d6ac1a14acffb2021-12-21 11:26:26.444root 11241100x8000000000000000529385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd6f6e4b1c27bc12021-12-21 11:26:26.444root 11241100x8000000000000000529386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37a806cbe09f7662021-12-21 11:26:26.444root 11241100x8000000000000000529387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34a341e3793c39b2021-12-21 11:26:26.444root 11241100x8000000000000000529388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed3584ed48804942021-12-21 11:26:26.444root 11241100x8000000000000000529389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450fc1f9630f770c2021-12-21 11:26:26.444root 11241100x8000000000000000529390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dc8e9a8f972d2c2021-12-21 11:26:26.444root 11241100x8000000000000000529391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7456254d72d925ed2021-12-21 11:26:26.444root 11241100x8000000000000000529392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe4e87dfedebba02021-12-21 11:26:26.444root 11241100x8000000000000000529393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d5500f54ad2fba2021-12-21 11:26:26.444root 11241100x8000000000000000529394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878321d7738893f42021-12-21 11:26:26.444root 11241100x8000000000000000529395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5eb2fd316585be2021-12-21 11:26:26.444root 11241100x8000000000000000529396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fc2b56db9a2e722021-12-21 11:26:26.444root 11241100x8000000000000000529397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1c37d226c900e32021-12-21 11:26:26.444root 11241100x8000000000000000529398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdda693b331e1d12021-12-21 11:26:26.444root 11241100x8000000000000000529399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd681092519a969c2021-12-21 11:26:26.444root 11241100x8000000000000000529400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f4597880aa9ee02021-12-21 11:26:26.943root 11241100x8000000000000000529401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fa18c87a9e8c962021-12-21 11:26:26.943root 11241100x8000000000000000529402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10b5d7f0b3695962021-12-21 11:26:26.943root 11241100x8000000000000000529403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d37fb6fbfc48852021-12-21 11:26:26.944root 11241100x8000000000000000529404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824fddddb9494b92021-12-21 11:26:26.944root 11241100x8000000000000000529405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c156a297eb5838bc2021-12-21 11:26:26.944root 11241100x8000000000000000529406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc59d8eadf2da1c2021-12-21 11:26:26.944root 11241100x8000000000000000529407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15766c9d9f962d872021-12-21 11:26:26.944root 11241100x8000000000000000529408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95592a466240692c2021-12-21 11:26:26.944root 11241100x8000000000000000529409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed0e7ee062167042021-12-21 11:26:26.944root 11241100x8000000000000000529410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7a3f01357148392021-12-21 11:26:26.944root 11241100x8000000000000000529411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac047165468ea6e2021-12-21 11:26:26.944root 11241100x8000000000000000529412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba7d8cc1cf8216d2021-12-21 11:26:26.944root 11241100x8000000000000000529413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe69726fb30c2eb2021-12-21 11:26:26.945root 11241100x8000000000000000529414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab193d22e433b3ed2021-12-21 11:26:26.945root 11241100x8000000000000000529415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a929fa54d3cfe81a2021-12-21 11:26:26.945root 11241100x8000000000000000529416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cf758a30d149322021-12-21 11:26:26.945root 11241100x8000000000000000529417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2b54195b90bc2e2021-12-21 11:26:26.945root 11241100x8000000000000000529418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc0769968efcf952021-12-21 11:26:26.945root 11241100x8000000000000000529419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab390c930eb71912021-12-21 11:26:26.945root 11241100x8000000000000000529420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6140a88cfd1a85752021-12-21 11:26:27.443root 11241100x8000000000000000529421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d7d36b4a167ed02021-12-21 11:26:27.443root 11241100x8000000000000000529422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c348de786dfe30f02021-12-21 11:26:27.443root 11241100x8000000000000000529423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e46b6ecef90b3d22021-12-21 11:26:27.443root 11241100x8000000000000000529424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031e999efc3b1e652021-12-21 11:26:27.443root 11241100x8000000000000000529425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562356b3a58d8c692021-12-21 11:26:27.444root 11241100x8000000000000000529426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2eff6b09356538a2021-12-21 11:26:27.444root 11241100x8000000000000000529427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757ab4e9b3093b0d2021-12-21 11:26:27.444root 11241100x8000000000000000529428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9006ea07a507ae2021-12-21 11:26:27.444root 11241100x8000000000000000529429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a387fc66145423b72021-12-21 11:26:27.444root 11241100x8000000000000000529430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e74ea6b7350f222021-12-21 11:26:27.444root 11241100x8000000000000000529431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223e2469317e58272021-12-21 11:26:27.444root 11241100x8000000000000000529432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48398efe155828ed2021-12-21 11:26:27.445root 11241100x8000000000000000529433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052fddd27ed098e52021-12-21 11:26:27.445root 11241100x8000000000000000529434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da3e2b5d9b40ab22021-12-21 11:26:27.445root 11241100x8000000000000000529435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d81ad5a5a671d22021-12-21 11:26:27.445root 11241100x8000000000000000529436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab435de8e9d9d9782021-12-21 11:26:27.445root 11241100x8000000000000000529437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6238b41fd94448922021-12-21 11:26:27.445root 11241100x8000000000000000529438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b098785f36a16d302021-12-21 11:26:27.445root 11241100x8000000000000000529439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742f8a56931504932021-12-21 11:26:27.445root 11241100x8000000000000000529440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3986503137994f3e2021-12-21 11:26:27.445root 11241100x8000000000000000529441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47cc777a94c8fa32021-12-21 11:26:27.445root 11241100x8000000000000000529442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5804e04d01be4a42021-12-21 11:26:27.943root 11241100x8000000000000000529443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879bf6284b3b94eb2021-12-21 11:26:27.943root 11241100x8000000000000000529444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ca33e92275a2eb2021-12-21 11:26:27.943root 11241100x8000000000000000529445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee852216b728431a2021-12-21 11:26:27.943root 11241100x8000000000000000529446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690272928a8ea0672021-12-21 11:26:27.944root 11241100x8000000000000000529447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1259e0125a114c082021-12-21 11:26:27.944root 11241100x8000000000000000529448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc32984662be0a82021-12-21 11:26:27.944root 11241100x8000000000000000529449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ac7770548010b92021-12-21 11:26:27.944root 11241100x8000000000000000529450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7f66431667a5ea2021-12-21 11:26:27.944root 11241100x8000000000000000529451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b642b352cf8f22021-12-21 11:26:27.944root 11241100x8000000000000000529452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fb43faa74d6fed2021-12-21 11:26:27.944root 11241100x8000000000000000529453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954e3f0458aa653a2021-12-21 11:26:27.944root 11241100x8000000000000000529454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b3a87bfeaa797b2021-12-21 11:26:27.944root 11241100x8000000000000000529455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f0edb1a50978cb2021-12-21 11:26:27.944root 11241100x8000000000000000529456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8512b9653ffa3f022021-12-21 11:26:27.944root 11241100x8000000000000000529457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34450fa5aaff4e432021-12-21 11:26:27.944root 11241100x8000000000000000529458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445a7982b7bbd7062021-12-21 11:26:27.944root 11241100x8000000000000000529459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c490011d4b1af52021-12-21 11:26:27.944root 11241100x8000000000000000529460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950946864d83e6222021-12-21 11:26:27.944root 11241100x8000000000000000529461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0411420422ae5d3d2021-12-21 11:26:27.945root 354300x8000000000000000529462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.031{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48542-false10.0.1.12-8000- 11241100x8000000000000000529463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a25eef52e5524f2021-12-21 11:26:28.443root 11241100x8000000000000000529464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4609e315bef11e2021-12-21 11:26:28.443root 11241100x8000000000000000529465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4669b43f6b482382021-12-21 11:26:28.443root 11241100x8000000000000000529466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67ff43a49dfb1162021-12-21 11:26:28.444root 11241100x8000000000000000529467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c79675d602bc8d92021-12-21 11:26:28.444root 11241100x8000000000000000529468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee6f9491b8c08a62021-12-21 11:26:28.444root 11241100x8000000000000000529469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d526d68c3bb4d0d42021-12-21 11:26:28.444root 11241100x8000000000000000529470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836bc6b26c6f33d52021-12-21 11:26:28.444root 11241100x8000000000000000529471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0cf339745afd202021-12-21 11:26:28.444root 11241100x8000000000000000529472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac47cf282c0ab0ab2021-12-21 11:26:28.444root 11241100x8000000000000000529473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37043d4f04a0e9092021-12-21 11:26:28.444root 11241100x8000000000000000529474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04f4145ba991cde2021-12-21 11:26:28.444root 11241100x8000000000000000529475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e14d5f10833ebab2021-12-21 11:26:28.444root 11241100x8000000000000000529476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb07726bedcb1e912021-12-21 11:26:28.444root 11241100x8000000000000000529477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310a5c05845119532021-12-21 11:26:28.445root 11241100x8000000000000000529478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676fbfb14e3b08462021-12-21 11:26:28.445root 11241100x8000000000000000529479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8c5165e038f4c22021-12-21 11:26:28.445root 11241100x8000000000000000529480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3ab0979e0b7c122021-12-21 11:26:28.445root 11241100x8000000000000000529481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5efc63f6c0288e2021-12-21 11:26:28.445root 11241100x8000000000000000529482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd11e722f6cf4152021-12-21 11:26:28.445root 11241100x8000000000000000529483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a719b82e9094e82021-12-21 11:26:28.445root 11241100x8000000000000000529484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df06ba2bbeaa022021-12-21 11:26:28.943root 11241100x8000000000000000529485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a687f43af57a6c2021-12-21 11:26:28.943root 11241100x8000000000000000529486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c06a223e00fc8a2021-12-21 11:26:28.943root 11241100x8000000000000000529487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d40437fba088ac02021-12-21 11:26:28.943root 11241100x8000000000000000529488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05b7a7bb08620c22021-12-21 11:26:28.944root 11241100x8000000000000000529489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede193719cba7b112021-12-21 11:26:28.944root 11241100x8000000000000000529490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8a43977aeda2be2021-12-21 11:26:28.944root 11241100x8000000000000000529491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765c61f270cce8352021-12-21 11:26:28.944root 11241100x8000000000000000529492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffc0849f2299dba2021-12-21 11:26:28.944root 11241100x8000000000000000529493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42f68aaf941a8f72021-12-21 11:26:28.944root 11241100x8000000000000000529494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8d3d52fe87c7ea2021-12-21 11:26:28.944root 11241100x8000000000000000529495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93518a77d62b5092021-12-21 11:26:28.944root 11241100x8000000000000000529496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e11c3d6b33bf8502021-12-21 11:26:28.944root 11241100x8000000000000000529497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14c41f0332eb4b52021-12-21 11:26:28.944root 11241100x8000000000000000529498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d2d649fa342f9a2021-12-21 11:26:28.944root 11241100x8000000000000000529499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc784fd413e026d02021-12-21 11:26:28.944root 11241100x8000000000000000529500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b53c2be6938d0e2021-12-21 11:26:28.944root 11241100x8000000000000000529501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ead3ebe451296cf2021-12-21 11:26:28.944root 11241100x8000000000000000529502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d9364b91b5b4d02021-12-21 11:26:28.944root 11241100x8000000000000000529503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25b4dbd01e68c7f2021-12-21 11:26:28.944root 11241100x8000000000000000529504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f968300a09e269262021-12-21 11:26:28.945root 11241100x8000000000000000529505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31fe1d90105c4e42021-12-21 11:26:29.443root 11241100x8000000000000000529506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06330d0dbc74a1c2021-12-21 11:26:29.443root 11241100x8000000000000000529507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b322b61e016e5192021-12-21 11:26:29.443root 11241100x8000000000000000529508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9a6d693235cf942021-12-21 11:26:29.443root 11241100x8000000000000000529509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db98aa68afe96df2021-12-21 11:26:29.443root 11241100x8000000000000000529510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fd2c211c2e368c2021-12-21 11:26:29.444root 11241100x8000000000000000529511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9b2354207907402021-12-21 11:26:29.444root 11241100x8000000000000000529512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c55157b1ae6f162021-12-21 11:26:29.444root 11241100x8000000000000000529513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd3c16eaf05200d2021-12-21 11:26:29.444root 11241100x8000000000000000529514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89851e09de2ef9b82021-12-21 11:26:29.444root 11241100x8000000000000000529515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c443693a6201ca02021-12-21 11:26:29.444root 11241100x8000000000000000529516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc54ca046961f47a2021-12-21 11:26:29.444root 11241100x8000000000000000529517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f703e238128e722021-12-21 11:26:29.444root 11241100x8000000000000000529518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc42a2a0eeac0e622021-12-21 11:26:29.444root 11241100x8000000000000000529519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773bb5f9caf8bf952021-12-21 11:26:29.444root 11241100x8000000000000000529520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272eeaf02448b8aa2021-12-21 11:26:29.444root 11241100x8000000000000000529521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd7f230a9ef890d2021-12-21 11:26:29.444root 11241100x8000000000000000529522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be7afbc966e7e2b2021-12-21 11:26:29.444root 11241100x8000000000000000529523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0013896ff66d88c72021-12-21 11:26:29.444root 11241100x8000000000000000529524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a3e7b6988492552021-12-21 11:26:29.444root 11241100x8000000000000000529525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c059e7bee9e2f02021-12-21 11:26:29.445root 11241100x8000000000000000529526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc11e868d12adbd2021-12-21 11:26:29.943root 11241100x8000000000000000529527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc137db35f34e4a72021-12-21 11:26:29.943root 11241100x8000000000000000529528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecab45c41bc032a2021-12-21 11:26:29.943root 11241100x8000000000000000529529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bba464f460a2db2021-12-21 11:26:29.943root 11241100x8000000000000000529530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949ac0bc04852aee2021-12-21 11:26:29.943root 11241100x8000000000000000529531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a68239db0aa60a2021-12-21 11:26:29.943root 11241100x8000000000000000529532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88d2f621d7bfedf2021-12-21 11:26:29.943root 11241100x8000000000000000529533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28931dc5787b7c9c2021-12-21 11:26:29.943root 11241100x8000000000000000529534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c1951c8e8601492021-12-21 11:26:29.943root 11241100x8000000000000000529535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdcf6bed61aff312021-12-21 11:26:29.943root 11241100x8000000000000000529536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff22b90e98208ec22021-12-21 11:26:29.943root 11241100x8000000000000000529537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f800a75e686b012021-12-21 11:26:29.944root 11241100x8000000000000000529538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a04c9ec8bf4d61b2021-12-21 11:26:29.944root 11241100x8000000000000000529539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea4bf673b76c2682021-12-21 11:26:29.944root 11241100x8000000000000000529540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f159759743346f92021-12-21 11:26:29.944root 11241100x8000000000000000529541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4083e822a79304f42021-12-21 11:26:29.944root 11241100x8000000000000000529542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f5f239e81100232021-12-21 11:26:29.944root 11241100x8000000000000000529543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bfd268d02adc9e2021-12-21 11:26:29.944root 11241100x8000000000000000529544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b191cdd8f16892c32021-12-21 11:26:29.944root 11241100x8000000000000000529545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c76f042d2e2d72b2021-12-21 11:26:29.944root 11241100x8000000000000000529546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f80fe697bb7d55f2021-12-21 11:26:29.944root 11241100x8000000000000000529547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44ea3e0b6578a9d2021-12-21 11:26:30.443root 11241100x8000000000000000529548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf646e624679d0b2021-12-21 11:26:30.443root 11241100x8000000000000000529549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fd51904bd79c402021-12-21 11:26:30.443root 11241100x8000000000000000529550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbfbf1e311a404b2021-12-21 11:26:30.443root 11241100x8000000000000000529551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bafaeecd6ac78d2021-12-21 11:26:30.444root 11241100x8000000000000000529552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a155a24f6c1a5e2021-12-21 11:26:30.444root 11241100x8000000000000000529553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc53fa802d6200e2021-12-21 11:26:30.444root 11241100x8000000000000000529554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b44ea0776505922021-12-21 11:26:30.444root 11241100x8000000000000000529555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc9c4996456f942021-12-21 11:26:30.444root 11241100x8000000000000000529556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18962758065bb6672021-12-21 11:26:30.444root 11241100x8000000000000000529557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb3aee147bdc6ec2021-12-21 11:26:30.444root 11241100x8000000000000000529558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57708a73c3db07752021-12-21 11:26:30.444root 11241100x8000000000000000529559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1cd478ddebd2212021-12-21 11:26:30.444root 11241100x8000000000000000529560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377832b7b13575592021-12-21 11:26:30.444root 11241100x8000000000000000529561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f856f33925b0c5172021-12-21 11:26:30.444root 11241100x8000000000000000529562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4060655db6992322021-12-21 11:26:30.444root 11241100x8000000000000000529563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d377c28c77efc3a72021-12-21 11:26:30.444root 11241100x8000000000000000529564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8f2f9402403de72021-12-21 11:26:30.444root 11241100x8000000000000000529565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4940e7e4721816682021-12-21 11:26:30.444root 11241100x8000000000000000529566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4120d92da8462c8e2021-12-21 11:26:30.444root 11241100x8000000000000000529567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19666f008361ad862021-12-21 11:26:30.444root 11241100x8000000000000000529568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beef6ad3d3cee7ad2021-12-21 11:26:30.943root 11241100x8000000000000000529569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc8bc611da4eca82021-12-21 11:26:30.943root 11241100x8000000000000000529570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10133f32e095a652021-12-21 11:26:30.943root 11241100x8000000000000000529571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa161fef928ac80c2021-12-21 11:26:30.943root 11241100x8000000000000000529572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6043aadfe6af73a62021-12-21 11:26:30.943root 11241100x8000000000000000529573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be8c86ec47e71c52021-12-21 11:26:30.943root 11241100x8000000000000000529574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852a132b31c2a8f82021-12-21 11:26:30.943root 11241100x8000000000000000529575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f4cd49a8965a7b2021-12-21 11:26:30.943root 11241100x8000000000000000529576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f58c389a1b317b2021-12-21 11:26:30.943root 11241100x8000000000000000529577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fafa61a9f483722021-12-21 11:26:30.943root 11241100x8000000000000000529578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aacf42a4a9de0eb2021-12-21 11:26:30.944root 11241100x8000000000000000529579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3194b2878bf71452021-12-21 11:26:30.944root 11241100x8000000000000000529580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f080f996f779012021-12-21 11:26:30.944root 11241100x8000000000000000529581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b133e4c7147e842021-12-21 11:26:30.944root 11241100x8000000000000000529582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f5f3c971e1a4702021-12-21 11:26:30.944root 11241100x8000000000000000529583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081415b55d11b1d42021-12-21 11:26:30.944root 11241100x8000000000000000529584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be049418bf23e3032021-12-21 11:26:30.944root 11241100x8000000000000000529585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434484a56b99fad72021-12-21 11:26:30.944root 11241100x8000000000000000529586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb914d4215b543f2021-12-21 11:26:30.944root 11241100x8000000000000000529587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79f9d7ee298d8c32021-12-21 11:26:30.944root 11241100x8000000000000000529588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35eba8434a0e6d22021-12-21 11:26:30.944root 11241100x8000000000000000529589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9212b7c4335ab7612021-12-21 11:26:31.443root 11241100x8000000000000000529590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bce1eee75432272021-12-21 11:26:31.444root 11241100x8000000000000000529591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a7a22b7ba8124d2021-12-21 11:26:31.444root 11241100x8000000000000000529592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd722e7affdec552021-12-21 11:26:31.444root 11241100x8000000000000000529593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c596db46def872582021-12-21 11:26:31.444root 11241100x8000000000000000529594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602d063e5067fe922021-12-21 11:26:31.444root 11241100x8000000000000000529595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb559cb233542792021-12-21 11:26:31.444root 11241100x8000000000000000529596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb83c000294307d2021-12-21 11:26:31.444root 11241100x8000000000000000529597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1603bde5ea71482021-12-21 11:26:31.444root 11241100x8000000000000000529598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e8a4b9e4bac1972021-12-21 11:26:31.444root 11241100x8000000000000000529599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b582767f2c39712021-12-21 11:26:31.444root 11241100x8000000000000000529600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f56bb5adb8e09b42021-12-21 11:26:31.444root 11241100x8000000000000000529601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263d018e0f1f8a522021-12-21 11:26:31.444root 11241100x8000000000000000529602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cd685e09d8dad92021-12-21 11:26:31.444root 11241100x8000000000000000529603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28130a18ad3e12662021-12-21 11:26:31.445root 11241100x8000000000000000529604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af279b161acfcab2021-12-21 11:26:31.445root 11241100x8000000000000000529605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7fc0e7b2c585d72021-12-21 11:26:31.445root 11241100x8000000000000000529606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1f1360fd5d99d02021-12-21 11:26:31.445root 11241100x8000000000000000529607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4125eaa71ec42e1e2021-12-21 11:26:31.445root 11241100x8000000000000000529608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cd1323f5a2624f2021-12-21 11:26:31.445root 11241100x8000000000000000529609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52e454272edb9472021-12-21 11:26:31.445root 11241100x8000000000000000529610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6919f92665db4fdd2021-12-21 11:26:31.943root 11241100x8000000000000000529611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4a7bc961d4b0272021-12-21 11:26:31.943root 11241100x8000000000000000529612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3743e30f8be4b0a2021-12-21 11:26:31.943root 11241100x8000000000000000529613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d76cc1acca5c3e52021-12-21 11:26:31.943root 11241100x8000000000000000529614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f5a5ad6a6660002021-12-21 11:26:31.943root 11241100x8000000000000000529615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da869166f46f3bb12021-12-21 11:26:31.943root 11241100x8000000000000000529616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8278b8b23de431672021-12-21 11:26:31.943root 11241100x8000000000000000529617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370e40d374f6950a2021-12-21 11:26:31.943root 11241100x8000000000000000529618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baafba82ba8158e2021-12-21 11:26:31.944root 11241100x8000000000000000529619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d3faac53ddc9812021-12-21 11:26:31.944root 11241100x8000000000000000529620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72db599bb89992f32021-12-21 11:26:31.944root 11241100x8000000000000000529621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b723f36041493882021-12-21 11:26:31.944root 11241100x8000000000000000529622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5367b96820c120b32021-12-21 11:26:31.944root 11241100x8000000000000000529623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763f760c43661de82021-12-21 11:26:31.944root 11241100x8000000000000000529624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1c5e13c19c093d2021-12-21 11:26:31.944root 11241100x8000000000000000529625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3f443909d6706a2021-12-21 11:26:31.944root 11241100x8000000000000000529626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6175e3687a59803b2021-12-21 11:26:31.944root 11241100x8000000000000000529627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4236c3d99df15b12021-12-21 11:26:31.944root 11241100x8000000000000000529628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62078dcc96615cd2021-12-21 11:26:31.944root 11241100x8000000000000000529629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e4790844d88b782021-12-21 11:26:31.944root 11241100x8000000000000000529630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d3034d3d1b438e2021-12-21 11:26:31.944root 11241100x8000000000000000529631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22465380a507dcdd2021-12-21 11:26:32.443root 11241100x8000000000000000529632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fd4d42b1a479882021-12-21 11:26:32.443root 11241100x8000000000000000529633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bebec5259881212021-12-21 11:26:32.443root 11241100x8000000000000000529634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9f315fea4babda2021-12-21 11:26:32.443root 11241100x8000000000000000529635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3e7300b49a759f2021-12-21 11:26:32.443root 11241100x8000000000000000529636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7769bf74a9ecd0ab2021-12-21 11:26:32.443root 11241100x8000000000000000529637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55823bfe941968652021-12-21 11:26:32.443root 11241100x8000000000000000529638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44045976218ae0a2021-12-21 11:26:32.444root 11241100x8000000000000000529639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69adb4b4dee937472021-12-21 11:26:32.444root 11241100x8000000000000000529640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b4d25923d9e4492021-12-21 11:26:32.444root 11241100x8000000000000000529641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f634e4e7cc9323a52021-12-21 11:26:32.444root 11241100x8000000000000000529642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b721df782e4b8c2021-12-21 11:26:32.444root 11241100x8000000000000000529643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee936800853de5c62021-12-21 11:26:32.444root 11241100x8000000000000000529644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd0c3ce7e8af492021-12-21 11:26:32.444root 11241100x8000000000000000529645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67842bb23856a9d2021-12-21 11:26:32.444root 11241100x8000000000000000529646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b7fc7fc17dbebd2021-12-21 11:26:32.444root 11241100x8000000000000000529647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9b59b64432a2b12021-12-21 11:26:32.444root 11241100x8000000000000000529648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3e230b9b00de512021-12-21 11:26:32.444root 11241100x8000000000000000529649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362dffb3b2c0c3242021-12-21 11:26:32.444root 11241100x8000000000000000529650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af993a29543ee782021-12-21 11:26:32.444root 11241100x8000000000000000529651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e4e76255b1c2ab2021-12-21 11:26:32.444root 11241100x8000000000000000529652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fc08b08574c8852021-12-21 11:26:32.943root 11241100x8000000000000000529653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c40862e547192f2021-12-21 11:26:32.943root 11241100x8000000000000000529654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c313a144d5e8582021-12-21 11:26:32.943root 11241100x8000000000000000529655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32186d0195a710482021-12-21 11:26:32.943root 11241100x8000000000000000529656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1911e1fbad4e4e2021-12-21 11:26:32.943root 11241100x8000000000000000529657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b80e30319e65e62021-12-21 11:26:32.943root 11241100x8000000000000000529658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99111c34405916b62021-12-21 11:26:32.943root 11241100x8000000000000000529659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b4efd479c3ed892021-12-21 11:26:32.943root 11241100x8000000000000000529660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffb9d3f5030c4f52021-12-21 11:26:32.944root 11241100x8000000000000000529661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670281558faf85502021-12-21 11:26:32.944root 11241100x8000000000000000529662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f941956e0d66d9872021-12-21 11:26:32.944root 11241100x8000000000000000529663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbb761da45d5a5f2021-12-21 11:26:32.944root 11241100x8000000000000000529664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d885e00e3719102021-12-21 11:26:32.944root 11241100x8000000000000000529665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c804004cfe306542021-12-21 11:26:32.944root 11241100x8000000000000000529666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5da09904b158052021-12-21 11:26:32.944root 11241100x8000000000000000529667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3916b8ea1fcabb8c2021-12-21 11:26:32.944root 11241100x8000000000000000529668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d896ec7297064b62021-12-21 11:26:32.944root 11241100x8000000000000000529669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e397d7a11ca2b92021-12-21 11:26:32.944root 11241100x8000000000000000529670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38f5cde2e7dce122021-12-21 11:26:32.944root 11241100x8000000000000000529671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31ed6607c428acd2021-12-21 11:26:32.944root 11241100x8000000000000000529672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5271c09ce4e2a4462021-12-21 11:26:32.944root 354300x8000000000000000529673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.032{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48544-false10.0.1.12-8000- 11241100x8000000000000000529674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dad2e4619060d72021-12-21 11:26:33.443root 11241100x8000000000000000529675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136762f30a361ff22021-12-21 11:26:33.443root 11241100x8000000000000000529676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c4769581a9544d2021-12-21 11:26:33.444root 11241100x8000000000000000529677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e98e313d16d74252021-12-21 11:26:33.444root 11241100x8000000000000000529678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9de857dd91e3012021-12-21 11:26:33.444root 11241100x8000000000000000529679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d56104fa012647c2021-12-21 11:26:33.444root 11241100x8000000000000000529680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d64d51135c63632021-12-21 11:26:33.445root 11241100x8000000000000000529681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc0e22ffdccf95a2021-12-21 11:26:33.445root 11241100x8000000000000000529682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368139b372919c0a2021-12-21 11:26:33.445root 11241100x8000000000000000529683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f150f7134864302021-12-21 11:26:33.445root 11241100x8000000000000000529684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a830c93d7620ee2021-12-21 11:26:33.445root 11241100x8000000000000000529685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2513bddbe1df522021-12-21 11:26:33.446root 11241100x8000000000000000529686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e16f9ff452e86f02021-12-21 11:26:33.446root 11241100x8000000000000000529687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaa7037ee15b8212021-12-21 11:26:33.446root 11241100x8000000000000000529688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242670704a28025c2021-12-21 11:26:33.447root 11241100x8000000000000000529689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a4a330c5d3add12021-12-21 11:26:33.447root 11241100x8000000000000000529690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673c56dfcb6685d22021-12-21 11:26:33.447root 11241100x8000000000000000529691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caad5aff8cb906c2021-12-21 11:26:33.447root 11241100x8000000000000000529692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495b254f480b1a4a2021-12-21 11:26:33.448root 11241100x8000000000000000529693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d80581f0035deb2021-12-21 11:26:33.448root 11241100x8000000000000000529694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c9457d8216a2b2021-12-21 11:26:33.448root 11241100x8000000000000000529695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6c1609669713c02021-12-21 11:26:33.448root 11241100x8000000000000000529696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed37fe00e8a049d2021-12-21 11:26:33.448root 11241100x8000000000000000529697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b70ec38fb83caa2021-12-21 11:26:33.943root 11241100x8000000000000000529698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de60a2a2607a5ff02021-12-21 11:26:33.943root 11241100x8000000000000000529699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b38ec72e627fddd2021-12-21 11:26:33.943root 11241100x8000000000000000529700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6b0eea237cea9b2021-12-21 11:26:33.943root 11241100x8000000000000000529701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7800b096728f2a2021-12-21 11:26:33.943root 11241100x8000000000000000529702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d8f268a59152432021-12-21 11:26:33.944root 11241100x8000000000000000529703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1180ea4a20b0a6892021-12-21 11:26:33.944root 11241100x8000000000000000529704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6cd05b261da5012021-12-21 11:26:33.944root 11241100x8000000000000000529705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07cac29394f69f42021-12-21 11:26:33.944root 11241100x8000000000000000529706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6971916a8c6622692021-12-21 11:26:33.944root 11241100x8000000000000000529707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f7a737aca117812021-12-21 11:26:33.944root 11241100x8000000000000000529708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8142a95987562f2021-12-21 11:26:33.944root 11241100x8000000000000000529709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbcf16367db54142021-12-21 11:26:33.944root 11241100x8000000000000000529710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694961b7f29645a12021-12-21 11:26:33.945root 11241100x8000000000000000529711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e08076f95fbe052021-12-21 11:26:33.945root 11241100x8000000000000000529712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ac0a5dbce7a5642021-12-21 11:26:33.945root 11241100x8000000000000000529713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d492b539088c9e2021-12-21 11:26:33.945root 11241100x8000000000000000529714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c96d7c065787fd2021-12-21 11:26:33.945root 11241100x8000000000000000529715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a207d8d44e35ec2021-12-21 11:26:33.945root 11241100x8000000000000000529716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5106eac7c220dc2021-12-21 11:26:33.945root 11241100x8000000000000000529717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f857c338d60664e92021-12-21 11:26:33.945root 11241100x8000000000000000529718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09a608e976c1f472021-12-21 11:26:33.945root 11241100x8000000000000000529719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be637cd1f5dd42332021-12-21 11:26:34.443root 11241100x8000000000000000529720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fd25884c658e7b2021-12-21 11:26:34.443root 11241100x8000000000000000529721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53edef9ea80ab8a52021-12-21 11:26:34.443root 11241100x8000000000000000529722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb862b213e875e992021-12-21 11:26:34.443root 11241100x8000000000000000529723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c95865c451b7f032021-12-21 11:26:34.444root 11241100x8000000000000000529724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38704de594b096bf2021-12-21 11:26:34.444root 11241100x8000000000000000529725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058a2c522f74e8582021-12-21 11:26:34.444root 11241100x8000000000000000529726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00800a06a4ff370a2021-12-21 11:26:34.444root 11241100x8000000000000000529727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f37212a12450de62021-12-21 11:26:34.444root 11241100x8000000000000000529728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca97c1766effe4e2021-12-21 11:26:34.444root 11241100x8000000000000000529729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d171c4930d0fb6352021-12-21 11:26:34.444root 11241100x8000000000000000529730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511dd0b65292ced42021-12-21 11:26:34.444root 11241100x8000000000000000529731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4319b940908647d92021-12-21 11:26:34.444root 11241100x8000000000000000529732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee3aabf1e323fcd2021-12-21 11:26:34.444root 11241100x8000000000000000529733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e30265ea6d285832021-12-21 11:26:34.444root 11241100x8000000000000000529734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f819b0b2464bc2021-12-21 11:26:34.444root 11241100x8000000000000000529735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1180ce6e130b642021-12-21 11:26:34.444root 11241100x8000000000000000529736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc69002209600edb2021-12-21 11:26:34.444root 11241100x8000000000000000529737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084aa63a431fabb72021-12-21 11:26:34.444root 11241100x8000000000000000529738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9ee6a2910c79632021-12-21 11:26:34.445root 11241100x8000000000000000529739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe835245781b62ab2021-12-21 11:26:34.445root 11241100x8000000000000000529740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0dc385937362e02021-12-21 11:26:34.445root 11241100x8000000000000000529741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a886a33199c73d2021-12-21 11:26:34.943root 11241100x8000000000000000529742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9a36cabb4621772021-12-21 11:26:34.943root 11241100x8000000000000000529743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f39dcf0c2ac1aee2021-12-21 11:26:34.943root 11241100x8000000000000000529744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de47d2b5925867c52021-12-21 11:26:34.944root 11241100x8000000000000000529745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51f9f5a0a1f73c92021-12-21 11:26:34.944root 11241100x8000000000000000529746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31ab831c49b91cb2021-12-21 11:26:34.944root 11241100x8000000000000000529747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4be5d0f73fc14712021-12-21 11:26:34.944root 11241100x8000000000000000529748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b309b08f09e38e2021-12-21 11:26:34.944root 11241100x8000000000000000529749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf8c15b34a635d2021-12-21 11:26:34.944root 11241100x8000000000000000529750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96f0f0bf145679a2021-12-21 11:26:34.944root 11241100x8000000000000000529751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b016c8494a44252021-12-21 11:26:34.944root 11241100x8000000000000000529752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e4e3b5e590cdc2021-12-21 11:26:34.944root 11241100x8000000000000000529753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d668739c23563562021-12-21 11:26:34.944root 11241100x8000000000000000529754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c9a6b889015f42021-12-21 11:26:34.944root 11241100x8000000000000000529755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0653b1e3556e97fb2021-12-21 11:26:34.944root 11241100x8000000000000000529756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e4cee681c675f72021-12-21 11:26:34.944root 11241100x8000000000000000529757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475db6f16aa2b6572021-12-21 11:26:34.944root 11241100x8000000000000000529758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c83533a28b9bbe2021-12-21 11:26:34.944root 11241100x8000000000000000529759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f748bbfb53bde6e2021-12-21 11:26:34.944root 11241100x8000000000000000529760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b99f96b69e64c5f2021-12-21 11:26:34.945root 11241100x8000000000000000529761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7a6104836e67ad2021-12-21 11:26:34.945root 11241100x8000000000000000529762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff92989538cbb262021-12-21 11:26:34.945root 11241100x8000000000000000529763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e072fd65cfdd222c2021-12-21 11:26:35.443root 11241100x8000000000000000529764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1c318137bdd3122021-12-21 11:26:35.443root 11241100x8000000000000000529765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce506f553c4138022021-12-21 11:26:35.443root 11241100x8000000000000000529766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96328f1004dde7a2021-12-21 11:26:35.443root 11241100x8000000000000000529767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee024428de5dfc82021-12-21 11:26:35.444root 11241100x8000000000000000529768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311f7fdc76ef136c2021-12-21 11:26:35.444root 11241100x8000000000000000529769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208bbb94d20ca8722021-12-21 11:26:35.444root 11241100x8000000000000000529770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d0611ccc0438b42021-12-21 11:26:35.444root 11241100x8000000000000000529771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b277d82ee07f5f2021-12-21 11:26:35.444root 11241100x8000000000000000529772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033075b59519deda2021-12-21 11:26:35.444root 11241100x8000000000000000529773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670cb6ba7fc9e2682021-12-21 11:26:35.444root 11241100x8000000000000000529774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350eb5cc54e582042021-12-21 11:26:35.445root 11241100x8000000000000000529775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca91b916cd00d5572021-12-21 11:26:35.445root 11241100x8000000000000000529776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979f6a73cba9d6c12021-12-21 11:26:35.445root 11241100x8000000000000000529777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0661a8a3aa77fa2021-12-21 11:26:35.445root 11241100x8000000000000000529778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc175aa9269c5d92021-12-21 11:26:35.445root 11241100x8000000000000000529779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fec6a8b997f322a2021-12-21 11:26:35.445root 11241100x8000000000000000529780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f529e596e8d4cb82021-12-21 11:26:35.446root 11241100x8000000000000000529781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029c847e15c3f19e2021-12-21 11:26:35.446root 11241100x8000000000000000529782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dc47e550a0bc622021-12-21 11:26:35.446root 11241100x8000000000000000529783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdc340c4d2135852021-12-21 11:26:35.446root 11241100x8000000000000000529784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4756febdd2fa6e122021-12-21 11:26:35.446root 11241100x8000000000000000529785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c99f96d1e974372021-12-21 11:26:35.943root 11241100x8000000000000000529786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd407b0bd6604e52021-12-21 11:26:35.943root 11241100x8000000000000000529787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379eb7ca5734bed72021-12-21 11:26:35.943root 11241100x8000000000000000529788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72a1327716bbce42021-12-21 11:26:35.943root 11241100x8000000000000000529789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd17aaee85f234e2021-12-21 11:26:35.944root 11241100x8000000000000000529790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca66d4fc82ac7492021-12-21 11:26:35.944root 11241100x8000000000000000529791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71896b39eabd237b2021-12-21 11:26:35.944root 11241100x8000000000000000529792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c46ac6073dfa982021-12-21 11:26:35.944root 11241100x8000000000000000529793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e5f20d281ef4572021-12-21 11:26:35.944root 11241100x8000000000000000529794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8370db6ffce000a2021-12-21 11:26:35.944root 11241100x8000000000000000529795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcd3176ccab3c832021-12-21 11:26:35.944root 11241100x8000000000000000529796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bea791532ae62752021-12-21 11:26:35.945root 11241100x8000000000000000529797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76df5b7c276472622021-12-21 11:26:35.945root 11241100x8000000000000000529798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d0ea2ad02d1d5b2021-12-21 11:26:35.945root 11241100x8000000000000000529799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32def018208f771a2021-12-21 11:26:35.945root 11241100x8000000000000000529800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ede6abb7e760742021-12-21 11:26:35.945root 11241100x8000000000000000529801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0195c1667f644b4c2021-12-21 11:26:35.945root 11241100x8000000000000000529802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2810cde891cf752021-12-21 11:26:35.945root 11241100x8000000000000000529803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f305f13611b372c2021-12-21 11:26:35.945root 11241100x8000000000000000529804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4222cd36ee237e2021-12-21 11:26:35.946root 11241100x8000000000000000529805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827f0f09f4a25072021-12-21 11:26:35.946root 11241100x8000000000000000529806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9fe5ad5230ce262021-12-21 11:26:35.946root 11241100x8000000000000000529807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a24418313ba2db2021-12-21 11:26:35.947root 11241100x8000000000000000529808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa4992c1a69c5502021-12-21 11:26:35.947root 11241100x8000000000000000529809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:26:36.328root 11241100x8000000000000000529810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06492e8073322edb2021-12-21 11:26:36.329root 11241100x8000000000000000529811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882a124ad8f461f32021-12-21 11:26:36.329root 11241100x8000000000000000529812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb5b0266c01dfa42021-12-21 11:26:36.329root 11241100x8000000000000000529813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f519ec176659bc142021-12-21 11:26:36.329root 11241100x8000000000000000529814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ca34178005f82a2021-12-21 11:26:36.329root 11241100x8000000000000000529815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221a554f086cb8c92021-12-21 11:26:36.329root 11241100x8000000000000000529816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613128ece62ac0d32021-12-21 11:26:36.330root 11241100x8000000000000000529817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d6e3ff97bde6322021-12-21 11:26:36.330root 11241100x8000000000000000529818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15e07a5c10f5c242021-12-21 11:26:36.330root 11241100x8000000000000000529819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c792731d19e86dac2021-12-21 11:26:36.330root 11241100x8000000000000000529820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcabd1fdbb26bc52021-12-21 11:26:36.330root 11241100x8000000000000000529821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83bd9431eb4b2002021-12-21 11:26:36.330root 11241100x8000000000000000529822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f181216d8d568b92021-12-21 11:26:36.330root 11241100x8000000000000000529823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f424ad98ce688912021-12-21 11:26:36.330root 11241100x8000000000000000529824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb0454ba90c98f42021-12-21 11:26:36.330root 11241100x8000000000000000529825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93500a288f3d5a22021-12-21 11:26:36.330root 11241100x8000000000000000529826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da09a65af0496faf2021-12-21 11:26:36.330root 11241100x8000000000000000529827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87101d57bd49fcd12021-12-21 11:26:36.331root 11241100x8000000000000000529828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105c9fd92a0973052021-12-21 11:26:36.331root 11241100x8000000000000000529829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661ecd9fbd81c8362021-12-21 11:26:36.331root 11241100x8000000000000000529830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f88581320450862021-12-21 11:26:36.331root 11241100x8000000000000000529831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698ee2a5d426dbbc2021-12-21 11:26:36.331root 11241100x8000000000000000529832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3162394ceb5a19aa2021-12-21 11:26:36.331root 11241100x8000000000000000529833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd8d0e38a0f6c632021-12-21 11:26:36.693root 11241100x8000000000000000529834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4449a688a5190fd22021-12-21 11:26:36.693root 11241100x8000000000000000529835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e316c90c84e0a22021-12-21 11:26:36.694root 11241100x8000000000000000529836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c92f57c030ab682021-12-21 11:26:36.694root 11241100x8000000000000000529837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4da71d5723863c92021-12-21 11:26:36.694root 11241100x8000000000000000529838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7d3b5ecf889fae2021-12-21 11:26:36.694root 11241100x8000000000000000529839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaae0829b1d824c92021-12-21 11:26:36.694root 11241100x8000000000000000529840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7049bee342cf511b2021-12-21 11:26:36.694root 11241100x8000000000000000529841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab375c7707cd85d2021-12-21 11:26:36.694root 11241100x8000000000000000529842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd7055a3dfbc082021-12-21 11:26:36.694root 11241100x8000000000000000529843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66448e2b2f39b3ec2021-12-21 11:26:36.695root 11241100x8000000000000000529844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd0dd4adbd625a42021-12-21 11:26:36.695root 11241100x8000000000000000529845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ee10818389d2582021-12-21 11:26:36.695root 11241100x8000000000000000529846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb5ca6b502d05242021-12-21 11:26:36.695root 11241100x8000000000000000529847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be0634f30fa90892021-12-21 11:26:36.695root 11241100x8000000000000000529848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707a1f3822ce31b92021-12-21 11:26:36.695root 11241100x8000000000000000529849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00b744cc9998de22021-12-21 11:26:36.695root 11241100x8000000000000000529850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43ce0644049367c2021-12-21 11:26:36.695root 11241100x8000000000000000529851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e2322345f19a6a2021-12-21 11:26:36.695root 11241100x8000000000000000529852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f04e098e0d099072021-12-21 11:26:36.695root 11241100x8000000000000000529853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f821b044c11e9e22021-12-21 11:26:36.696root 11241100x8000000000000000529854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e29de4529a971c62021-12-21 11:26:36.696root 11241100x8000000000000000529855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c69136d41c6bd222021-12-21 11:26:36.696root 11241100x8000000000000000529856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aa554e561c9e9e2021-12-21 11:26:37.193root 11241100x8000000000000000529857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d865efd9ff5078d2021-12-21 11:26:37.193root 11241100x8000000000000000529858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db8e151ba07b8be2021-12-21 11:26:37.193root 11241100x8000000000000000529859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0c7d957a969cc92021-12-21 11:26:37.193root 11241100x8000000000000000529860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504047f5b6de46212021-12-21 11:26:37.193root 11241100x8000000000000000529861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc6eb8cef20c77e2021-12-21 11:26:37.193root 11241100x8000000000000000529862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d88384657833d22021-12-21 11:26:37.193root 11241100x8000000000000000529863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c92f00982dbc0962021-12-21 11:26:37.193root 11241100x8000000000000000529864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962b49bd35f6db902021-12-21 11:26:37.194root 11241100x8000000000000000529865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64ac38efb3ecf1c2021-12-21 11:26:37.194root 11241100x8000000000000000529866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ddca524211ed7c2021-12-21 11:26:37.194root 11241100x8000000000000000529867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360b46b592bed9f22021-12-21 11:26:37.194root 11241100x8000000000000000529868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca652d4a640b6c742021-12-21 11:26:37.194root 11241100x8000000000000000529869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58828c592e88c04a2021-12-21 11:26:37.195root 11241100x8000000000000000529870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618801cb56b0c3132021-12-21 11:26:37.195root 11241100x8000000000000000529871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f0b91a541544692021-12-21 11:26:37.195root 11241100x8000000000000000529872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb7ecd6e3464b882021-12-21 11:26:37.195root 11241100x8000000000000000529873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0219b52f9270cf2021-12-21 11:26:37.196root 11241100x8000000000000000529874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65fab60fb6b2d4c2021-12-21 11:26:37.196root 11241100x8000000000000000529875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005e5fcfc15fd58e2021-12-21 11:26:37.196root 11241100x8000000000000000529876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e515a063895fd12021-12-21 11:26:37.196root 11241100x8000000000000000529877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f626bc4dffcb522021-12-21 11:26:37.197root 11241100x8000000000000000529878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3f7b44cdfed0222021-12-21 11:26:37.197root 11241100x8000000000000000529879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2cfc531bb138fa2021-12-21 11:26:37.693root 11241100x8000000000000000529880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e882e367ecc0e932021-12-21 11:26:37.694root 11241100x8000000000000000529881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80c65b55e295c712021-12-21 11:26:37.694root 11241100x8000000000000000529882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2177ab1f7bcf0722021-12-21 11:26:37.694root 11241100x8000000000000000529883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f74db57bd2cd8622021-12-21 11:26:37.694root 11241100x8000000000000000529884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e765da45c8574232021-12-21 11:26:37.695root 11241100x8000000000000000529885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cc38d151c9b9422021-12-21 11:26:37.695root 11241100x8000000000000000529886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f19a17b2cf28482021-12-21 11:26:37.695root 11241100x8000000000000000529887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370b83ed265c5402021-12-21 11:26:37.695root 11241100x8000000000000000529888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f348d8445e5cb82021-12-21 11:26:37.695root 11241100x8000000000000000529889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9645c2044a2df7822021-12-21 11:26:37.695root 11241100x8000000000000000529890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07fadfdd29b1ca12021-12-21 11:26:37.695root 11241100x8000000000000000529891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295cb2bafd256c62021-12-21 11:26:37.695root 11241100x8000000000000000529892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f849c81aa0ce9fe2021-12-21 11:26:37.695root 11241100x8000000000000000529893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcef0bf526353602021-12-21 11:26:37.695root 11241100x8000000000000000529894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49f7328562f68df2021-12-21 11:26:37.696root 11241100x8000000000000000529895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d55848a165f3cb92021-12-21 11:26:37.696root 11241100x8000000000000000529896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064e833f081e9a602021-12-21 11:26:37.696root 11241100x8000000000000000529897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a591a885011a9b92021-12-21 11:26:37.696root 11241100x8000000000000000529898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128661b50f262cd52021-12-21 11:26:37.696root 11241100x8000000000000000529899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b96ce714daed4632021-12-21 11:26:37.696root 11241100x8000000000000000529900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d7b751d2bb167c2021-12-21 11:26:37.696root 11241100x8000000000000000529901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05ab5d0b01956782021-12-21 11:26:37.696root 354300x8000000000000000529902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.082{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48546-false10.0.1.12-8000- 11241100x8000000000000000529903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2304af20f8e48fd42021-12-21 11:26:38.083root 11241100x8000000000000000529904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fa4138b949bd9e2021-12-21 11:26:38.083root 11241100x8000000000000000529905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c345c274138d5b2021-12-21 11:26:38.083root 11241100x8000000000000000529906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a84fc79f15709a2021-12-21 11:26:38.084root 11241100x8000000000000000529907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940ee4cd0da06522021-12-21 11:26:38.084root 11241100x8000000000000000529908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac6f9c3298c7cc32021-12-21 11:26:38.084root 11241100x8000000000000000529909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36264daf770a5baf2021-12-21 11:26:38.084root 11241100x8000000000000000529910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00397c86971e33f52021-12-21 11:26:38.084root 11241100x8000000000000000529911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8062209d619ffb2021-12-21 11:26:38.084root 11241100x8000000000000000529912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd095223e6640b92021-12-21 11:26:38.084root 11241100x8000000000000000529913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0447f9ade820fb0d2021-12-21 11:26:38.084root 11241100x8000000000000000529914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e52d15b6f4fefde2021-12-21 11:26:38.084root 11241100x8000000000000000529915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dcf194c5afd9962021-12-21 11:26:38.085root 11241100x8000000000000000529916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd70b60fee461b0c2021-12-21 11:26:38.085root 11241100x8000000000000000529917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4633de53d246f1e2021-12-21 11:26:38.085root 11241100x8000000000000000529918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f3936d44e628b32021-12-21 11:26:38.085root 11241100x8000000000000000529919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a78621fe80717302021-12-21 11:26:38.085root 11241100x8000000000000000529920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e5ad8362b0182d2021-12-21 11:26:38.085root 11241100x8000000000000000529921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54e5fb2639d5f962021-12-21 11:26:38.086root 11241100x8000000000000000529922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73a205edfeeb8392021-12-21 11:26:38.086root 11241100x8000000000000000529923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd653e9c315f38602021-12-21 11:26:38.086root 11241100x8000000000000000529924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab21f895a0525712021-12-21 11:26:38.087root 11241100x8000000000000000529925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319d34d199fb3d992021-12-21 11:26:38.087root 11241100x8000000000000000529926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544e25ae196853ef2021-12-21 11:26:38.087root 11241100x8000000000000000529927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef67b213f0dc47ce2021-12-21 11:26:38.087root 11241100x8000000000000000529928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2b55b6a4e506ff2021-12-21 11:26:38.087root 11241100x8000000000000000529929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9a93cd3491e8a12021-12-21 11:26:38.087root 11241100x8000000000000000529930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7539ce51085bb2732021-12-21 11:26:38.088root 11241100x8000000000000000529931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca976f9593ddad802021-12-21 11:26:38.088root 11241100x8000000000000000529932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422baea6123468482021-12-21 11:26:38.443root 11241100x8000000000000000529933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b4abd046e308922021-12-21 11:26:38.444root 11241100x8000000000000000529934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe68b1c3e4c622a2021-12-21 11:26:38.444root 11241100x8000000000000000529935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a31bb0d85c93c82021-12-21 11:26:38.444root 11241100x8000000000000000529936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8dc13b4094f5f42021-12-21 11:26:38.444root 11241100x8000000000000000529937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b40c0abb01dbf42021-12-21 11:26:38.444root 11241100x8000000000000000529938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2c7e1ca86cff2d2021-12-21 11:26:38.445root 11241100x8000000000000000529939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c382b7572396e12021-12-21 11:26:38.445root 11241100x8000000000000000529940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad8852c77b781c82021-12-21 11:26:38.445root 11241100x8000000000000000529941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306044c5be5b88ea2021-12-21 11:26:38.445root 11241100x8000000000000000529942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98693c5a8f97237e2021-12-21 11:26:38.445root 11241100x8000000000000000529943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08222af4bc029c02021-12-21 11:26:38.445root 11241100x8000000000000000529944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04e7bdad32c93422021-12-21 11:26:38.445root 11241100x8000000000000000529945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dd171a87e541752021-12-21 11:26:38.446root 11241100x8000000000000000529946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc2f36542e3649b2021-12-21 11:26:38.446root 11241100x8000000000000000529947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1c2bf49b5e02a02021-12-21 11:26:38.446root 11241100x8000000000000000529948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ce00f1db685f622021-12-21 11:26:38.446root 11241100x8000000000000000529949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3bb327ead9ebbc2021-12-21 11:26:38.446root 11241100x8000000000000000529950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94cd732da78c5422021-12-21 11:26:38.446root 11241100x8000000000000000529951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f92f0f42389d8df2021-12-21 11:26:38.446root 11241100x8000000000000000529952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c09904262dd8be2021-12-21 11:26:38.446root 11241100x8000000000000000529953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4d1af71563f24e2021-12-21 11:26:38.447root 11241100x8000000000000000529954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca9b5121d247c422021-12-21 11:26:38.447root 11241100x8000000000000000529955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6d9b551a3164112021-12-21 11:26:38.447root 11241100x8000000000000000529956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eea4b182fbdc4082021-12-21 11:26:38.942root 11241100x8000000000000000529957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61d725a70df0ae62021-12-21 11:26:38.943root 11241100x8000000000000000529958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a8c22cb6415dd22021-12-21 11:26:38.943root 11241100x8000000000000000529959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0726d39fc38d8282021-12-21 11:26:38.943root 11241100x8000000000000000529960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446673b574b6ceb2021-12-21 11:26:38.943root 11241100x8000000000000000529961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a7d529ddc19b1c2021-12-21 11:26:38.943root 11241100x8000000000000000529962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7471dcaba542cdb22021-12-21 11:26:38.943root 11241100x8000000000000000529963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f26d6c7a1242de2021-12-21 11:26:38.943root 11241100x8000000000000000529964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccb245fbe887e702021-12-21 11:26:38.943root 11241100x8000000000000000529965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f0c391a5605a532021-12-21 11:26:38.943root 11241100x8000000000000000529966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dde02b5368c450c2021-12-21 11:26:38.943root 11241100x8000000000000000529967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfc0b08540b111c2021-12-21 11:26:38.943root 11241100x8000000000000000529968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfc9f2448e192482021-12-21 11:26:38.944root 11241100x8000000000000000529969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f0ead8774052002021-12-21 11:26:38.944root 11241100x8000000000000000529970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74d9f46735c81502021-12-21 11:26:38.944root 11241100x8000000000000000529971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe4900774fe6b952021-12-21 11:26:38.944root 11241100x8000000000000000529972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e3c14eed0a17ca2021-12-21 11:26:38.944root 11241100x8000000000000000529973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7705525fd081c0472021-12-21 11:26:38.944root 11241100x8000000000000000529974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88096c1d19ad436d2021-12-21 11:26:38.944root 11241100x8000000000000000529975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182d847bdc5140492021-12-21 11:26:38.944root 11241100x8000000000000000529976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad7b8ad7a9b5d322021-12-21 11:26:38.944root 11241100x8000000000000000529977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6d227bf86e5f3d2021-12-21 11:26:38.944root 11241100x8000000000000000529978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2893d51e942951a32021-12-21 11:26:38.944root 11241100x8000000000000000529979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2ac93ad314665d2021-12-21 11:26:38.944root 23542300x8000000000000000529980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000529981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fad82b649988212021-12-21 11:26:39.330root 11241100x8000000000000000529982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8b275367dc22212021-12-21 11:26:39.330root 11241100x8000000000000000529983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce438a6ba1eb93d2021-12-21 11:26:39.330root 11241100x8000000000000000529984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fefe90285c8ff02021-12-21 11:26:39.330root 11241100x8000000000000000529985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a3c73151cd971e2021-12-21 11:26:39.330root 11241100x8000000000000000529986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e5ed8ca943032e2021-12-21 11:26:39.330root 11241100x8000000000000000529987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93e4e8ca25b3c572021-12-21 11:26:39.330root 11241100x8000000000000000529988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b301c9f89f97abb42021-12-21 11:26:39.331root 11241100x8000000000000000529989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda47faa41a1aa52021-12-21 11:26:39.331root 11241100x8000000000000000529990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a490c3af57fe73f2021-12-21 11:26:39.331root 11241100x8000000000000000529991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f1b840a50d7232021-12-21 11:26:39.331root 11241100x8000000000000000529992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33a5506c0f2e4b62021-12-21 11:26:39.331root 11241100x8000000000000000529993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc81d960befff96d2021-12-21 11:26:39.331root 11241100x8000000000000000529994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4000fcdfa90b59482021-12-21 11:26:39.331root 11241100x8000000000000000529995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67cc16e54eed6362021-12-21 11:26:39.332root 11241100x8000000000000000529996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78c04b7f0d205872021-12-21 11:26:39.332root 11241100x8000000000000000529997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0fca21c426f3c92021-12-21 11:26:39.332root 11241100x8000000000000000529998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad21f5550a7d8b2b2021-12-21 11:26:39.332root 11241100x8000000000000000529999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78df8ad6846bf512021-12-21 11:26:39.332root 11241100x8000000000000000530000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5364bdb900eac1fc2021-12-21 11:26:39.332root 11241100x8000000000000000530001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891a05cce079cef52021-12-21 11:26:39.332root 11241100x8000000000000000530002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21529372498027732021-12-21 11:26:39.332root 11241100x8000000000000000530003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f6c050ed4514fc2021-12-21 11:26:39.332root 11241100x8000000000000000530004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2408a7333d887d762021-12-21 11:26:39.332root 11241100x8000000000000000530005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede499595e3f79242021-12-21 11:26:39.332root 11241100x8000000000000000530006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c97aec96055b3002021-12-21 11:26:39.333root 11241100x8000000000000000530007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209f32542d8cb1432021-12-21 11:26:39.333root 11241100x8000000000000000530008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278d4b6c2fdfcccf2021-12-21 11:26:39.333root 11241100x8000000000000000530009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ae109b6376301f2021-12-21 11:26:39.333root 11241100x8000000000000000530010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50d1a72155509092021-12-21 11:26:39.333root 11241100x8000000000000000530011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c14f1d90e3f68a2021-12-21 11:26:39.334root 11241100x8000000000000000530012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2061e6758bfac6c92021-12-21 11:26:39.334root 11241100x8000000000000000530013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98caa5da90641872021-12-21 11:26:39.334root 11241100x8000000000000000530014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac58cbf8fbda0f62021-12-21 11:26:39.334root 11241100x8000000000000000530015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e958230f7748812021-12-21 11:26:39.334root 11241100x8000000000000000530016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b61425c847e2702021-12-21 11:26:39.334root 11241100x8000000000000000530017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d67c9556378ac4b2021-12-21 11:26:39.334root 11241100x8000000000000000530018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bb755a5235272f2021-12-21 11:26:39.335root 11241100x8000000000000000530019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6055861050e909432021-12-21 11:26:39.335root 11241100x8000000000000000530020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b2f1d0b710feca2021-12-21 11:26:39.335root 11241100x8000000000000000530021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716f6770910e96dd2021-12-21 11:26:39.336root 11241100x8000000000000000530022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c119dcb1add2df2021-12-21 11:26:39.336root 11241100x8000000000000000530023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fe135343496d932021-12-21 11:26:39.336root 11241100x8000000000000000530024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa25d0ef3f0e9162021-12-21 11:26:39.693root 11241100x8000000000000000530025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc8cdcd5b11d3192021-12-21 11:26:39.693root 11241100x8000000000000000530026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beff3e3225da947d2021-12-21 11:26:39.694root 11241100x8000000000000000530027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cc600c0b2ed3002021-12-21 11:26:39.694root 11241100x8000000000000000530028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab685ca1ba02a732021-12-21 11:26:39.694root 11241100x8000000000000000530029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6142112b1d7bb0a2021-12-21 11:26:39.694root 11241100x8000000000000000530030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eeb48cd3954c262021-12-21 11:26:39.694root 11241100x8000000000000000530031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd0457aac0d0c672021-12-21 11:26:39.694root 11241100x8000000000000000530032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6199dafdb3b3b25f2021-12-21 11:26:39.695root 11241100x8000000000000000530033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9928c86efe3f9a92021-12-21 11:26:39.695root 11241100x8000000000000000530034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7f70503f55212b2021-12-21 11:26:39.695root 11241100x8000000000000000530035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc1f97f6b772cfe2021-12-21 11:26:39.695root 11241100x8000000000000000530036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d0d124abead9f42021-12-21 11:26:39.695root 11241100x8000000000000000530037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988d3f03405c70842021-12-21 11:26:39.695root 11241100x8000000000000000530038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20990d4325f441e72021-12-21 11:26:39.695root 11241100x8000000000000000530039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eb5efa69b81d652021-12-21 11:26:39.695root 11241100x8000000000000000530040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4921340573a3fb6f2021-12-21 11:26:39.695root 11241100x8000000000000000530041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e6a548314e321e2021-12-21 11:26:39.695root 11241100x8000000000000000530042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d588f7cb7d77a82021-12-21 11:26:39.695root 11241100x8000000000000000530043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741ff5aa3300517e2021-12-21 11:26:39.695root 11241100x8000000000000000530044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4fdb98d496d2982021-12-21 11:26:39.695root 11241100x8000000000000000530045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce935e7a61cb379a2021-12-21 11:26:39.695root 11241100x8000000000000000530046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8fe8b7c4ccc2de2021-12-21 11:26:39.695root 11241100x8000000000000000530047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11aee997ffe3d70d2021-12-21 11:26:39.696root 11241100x8000000000000000530048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8500364a07142ef12021-12-21 11:26:39.696root 11241100x8000000000000000530049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eba032fc9a389f2021-12-21 11:26:40.193root 11241100x8000000000000000530050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352109417fc4c5d52021-12-21 11:26:40.193root 11241100x8000000000000000530051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbb90d1d715cd332021-12-21 11:26:40.194root 11241100x8000000000000000530052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75306528c85b88fd2021-12-21 11:26:40.194root 11241100x8000000000000000530053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8982ed3b82ab96f2021-12-21 11:26:40.194root 11241100x8000000000000000530054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679469ed5348b7582021-12-21 11:26:40.194root 11241100x8000000000000000530055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5157c696737cf222021-12-21 11:26:40.194root 11241100x8000000000000000530056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a4bf18223553262021-12-21 11:26:40.194root 11241100x8000000000000000530057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e438787e937e9aa22021-12-21 11:26:40.194root 11241100x8000000000000000530058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a54052bca4ba672021-12-21 11:26:40.195root 11241100x8000000000000000530059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3982a8ab22ffe2021-12-21 11:26:40.195root 11241100x8000000000000000530060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2235ca5e9e05bc92021-12-21 11:26:40.195root 11241100x8000000000000000530061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3125a842d329b35c2021-12-21 11:26:40.195root 11241100x8000000000000000530062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571e92fa4a0b24902021-12-21 11:26:40.195root 11241100x8000000000000000530063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ee424ac5b791eb2021-12-21 11:26:40.195root 11241100x8000000000000000530064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f3175c8384f442021-12-21 11:26:40.195root 11241100x8000000000000000530065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83efa11503ced53d2021-12-21 11:26:40.195root 11241100x8000000000000000530066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d159435147987c462021-12-21 11:26:40.195root 11241100x8000000000000000530067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dfc6b11c44a14e2021-12-21 11:26:40.195root 11241100x8000000000000000530068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e772f52ef5b331492021-12-21 11:26:40.195root 11241100x8000000000000000530069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba51ef59c9fb85a32021-12-21 11:26:40.196root 11241100x8000000000000000530070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146e27b8359768dc2021-12-21 11:26:40.196root 11241100x8000000000000000530071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc300d5d0c1de8372021-12-21 11:26:40.196root 11241100x8000000000000000530072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15794ee05f5a911b2021-12-21 11:26:40.196root 11241100x8000000000000000530073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f00d2a160df980d2021-12-21 11:26:40.196root 11241100x8000000000000000530074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b54de9fd93267de2021-12-21 11:26:40.693root 11241100x8000000000000000530075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825b90167b6e99572021-12-21 11:26:40.694root 11241100x8000000000000000530076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e489878535b7f5572021-12-21 11:26:40.694root 11241100x8000000000000000530077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7000019e9688d62021-12-21 11:26:40.694root 11241100x8000000000000000530078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b20e3c0d6c7c572021-12-21 11:26:40.694root 11241100x8000000000000000530079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7130a2bee5f9524b2021-12-21 11:26:40.694root 11241100x8000000000000000530080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be9f5789f8d7f272021-12-21 11:26:40.694root 11241100x8000000000000000530081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd62f8694c08bfc2021-12-21 11:26:40.694root 11241100x8000000000000000530082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497387500f965a3a2021-12-21 11:26:40.694root 11241100x8000000000000000530083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d0bfe1d5fd8c82021-12-21 11:26:40.694root 11241100x8000000000000000530084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ee642342f94ebc2021-12-21 11:26:40.694root 11241100x8000000000000000530085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab795fe7e740f6a2021-12-21 11:26:40.695root 11241100x8000000000000000530086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc01d6c92f4d2cc2021-12-21 11:26:40.695root 11241100x8000000000000000530087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d4c96dcc18afb2021-12-21 11:26:40.695root 11241100x8000000000000000530088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f10515f01a9dd6f2021-12-21 11:26:40.695root 11241100x8000000000000000530089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188c0ab5dd2027072021-12-21 11:26:40.695root 11241100x8000000000000000530090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e17f006c61aa3d2021-12-21 11:26:40.695root 11241100x8000000000000000530091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9fed86501cfbfd2021-12-21 11:26:40.695root 11241100x8000000000000000530092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e40efa9fbf690972021-12-21 11:26:40.696root 11241100x8000000000000000530093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e705491519afb22021-12-21 11:26:40.696root 11241100x8000000000000000530094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371dbaba55bca3582021-12-21 11:26:40.696root 11241100x8000000000000000530095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ebca2c8d01adc62021-12-21 11:26:40.696root 11241100x8000000000000000530096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e28267ad61ea6a12021-12-21 11:26:40.696root 11241100x8000000000000000530097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820e3b9a2fa815042021-12-21 11:26:40.696root 11241100x8000000000000000530098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc874abab7e0e1882021-12-21 11:26:40.697root 11241100x8000000000000000530099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274149061813a7762021-12-21 11:26:41.193root 11241100x8000000000000000530100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725c39e64a1b97fa2021-12-21 11:26:41.193root 11241100x8000000000000000530101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5998b410cc8d24162021-12-21 11:26:41.194root 11241100x8000000000000000530102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effbdf76ecfd69332021-12-21 11:26:41.194root 11241100x8000000000000000530103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683ad83961078a662021-12-21 11:26:41.194root 11241100x8000000000000000530104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bcf6d53fb6b1f62021-12-21 11:26:41.194root 11241100x8000000000000000530105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d59786c3926cf242021-12-21 11:26:41.194root 11241100x8000000000000000530106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb6bb5a8ec0300c2021-12-21 11:26:41.194root 11241100x8000000000000000530107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c9e8bbbb4bfa772021-12-21 11:26:41.194root 11241100x8000000000000000530108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9958251f5e86de0b2021-12-21 11:26:41.194root 11241100x8000000000000000530109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5006dd83a9d01c992021-12-21 11:26:41.194root 11241100x8000000000000000530110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61903476e97293ae2021-12-21 11:26:41.194root 11241100x8000000000000000530111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2d9a829e82af932021-12-21 11:26:41.194root 11241100x8000000000000000530112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefd88968afe9f172021-12-21 11:26:41.194root 11241100x8000000000000000530113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8022a7b489a61b2021-12-21 11:26:41.195root 11241100x8000000000000000530114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdd6648dad992562021-12-21 11:26:41.195root 11241100x8000000000000000530115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5f9c226531b0462021-12-21 11:26:41.195root 11241100x8000000000000000530116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c56e9b2e14c35f02021-12-21 11:26:41.195root 11241100x8000000000000000530117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353d192461983c332021-12-21 11:26:41.195root 11241100x8000000000000000530118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401e4546f0c244d92021-12-21 11:26:41.195root 11241100x8000000000000000530119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53d48db6fce44982021-12-21 11:26:41.195root 11241100x8000000000000000530120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a461b8a3bf93e482021-12-21 11:26:41.195root 11241100x8000000000000000530121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9711d980656de6ee2021-12-21 11:26:41.195root 11241100x8000000000000000530122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c81c23a466bfa082021-12-21 11:26:41.195root 11241100x8000000000000000530123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c7a13816fca0392021-12-21 11:26:41.195root 11241100x8000000000000000530124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e017fe46ae86912021-12-21 11:26:41.693root 11241100x8000000000000000530125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8959558a616758a2021-12-21 11:26:41.693root 11241100x8000000000000000530126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d5a5230d8d3aaa2021-12-21 11:26:41.693root 11241100x8000000000000000530127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d5ad70254c3fce2021-12-21 11:26:41.694root 11241100x8000000000000000530128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643771901e9c5ac32021-12-21 11:26:41.694root 11241100x8000000000000000530129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548ed0d831bbc52c2021-12-21 11:26:41.694root 11241100x8000000000000000530130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd42dbda8667ee9a2021-12-21 11:26:41.694root 11241100x8000000000000000530131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5773cdbc51436202021-12-21 11:26:41.695root 11241100x8000000000000000530132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b271e86b7d2ec5c22021-12-21 11:26:41.695root 11241100x8000000000000000530133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20541e83e77753982021-12-21 11:26:41.695root 11241100x8000000000000000530134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40e960dd995d2c32021-12-21 11:26:41.695root 11241100x8000000000000000530135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af91425d251e48002021-12-21 11:26:41.695root 11241100x8000000000000000530136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c066abee47c56722021-12-21 11:26:41.695root 11241100x8000000000000000530137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81445e0b639da3b52021-12-21 11:26:41.696root 11241100x8000000000000000530138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9b9e74c79306f92021-12-21 11:26:41.696root 11241100x8000000000000000530139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b38e5fa3cecf582021-12-21 11:26:41.696root 11241100x8000000000000000530140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ea9ab53e3bd4ec2021-12-21 11:26:41.696root 11241100x8000000000000000530141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db219dd5ab0293ce2021-12-21 11:26:41.696root 11241100x8000000000000000530142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8dcf1499941aa92021-12-21 11:26:41.696root 11241100x8000000000000000530143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9355f96a5729f062021-12-21 11:26:41.697root 11241100x8000000000000000530144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962d9d726f7a02ba2021-12-21 11:26:41.697root 11241100x8000000000000000530145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69117dd8f27239b92021-12-21 11:26:41.697root 11241100x8000000000000000530146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a420680f4a9e6722021-12-21 11:26:41.697root 11241100x8000000000000000530147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e77b6c968f0e8542021-12-21 11:26:41.697root 11241100x8000000000000000530148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236b55fd7d5f26c32021-12-21 11:26:41.697root 11241100x8000000000000000530149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0aefd8a229b2822021-12-21 11:26:41.698root 11241100x8000000000000000530150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b90b0b6a2acac22021-12-21 11:26:41.698root 11241100x8000000000000000530151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e520f296c4aafa3d2021-12-21 11:26:41.698root 11241100x8000000000000000530152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1afb3a510aa40162021-12-21 11:26:42.193root 11241100x8000000000000000530153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc5188bbb804dab2021-12-21 11:26:42.193root 11241100x8000000000000000530154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6798b121fe53e02021-12-21 11:26:42.193root 11241100x8000000000000000530155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a868a37d15eac3c02021-12-21 11:26:42.193root 11241100x8000000000000000530156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a362a2ccac19132021-12-21 11:26:42.193root 11241100x8000000000000000530157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e72bb720c23d1e2021-12-21 11:26:42.193root 11241100x8000000000000000530158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5446a554cc8c2302021-12-21 11:26:42.193root 11241100x8000000000000000530159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e67ad1ea9ceb92021-12-21 11:26:42.193root 11241100x8000000000000000530160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b755d6f6bd184b412021-12-21 11:26:42.194root 11241100x8000000000000000530161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf30d0ac1c5a176e2021-12-21 11:26:42.194root 11241100x8000000000000000530162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5ddf904756670a2021-12-21 11:26:42.194root 11241100x8000000000000000530163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99126690ae4edf912021-12-21 11:26:42.194root 11241100x8000000000000000530164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4f3298863b5c012021-12-21 11:26:42.194root 11241100x8000000000000000530165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b8cc837fb3592b2021-12-21 11:26:42.194root 11241100x8000000000000000530166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11406bd00aebf6322021-12-21 11:26:42.194root 11241100x8000000000000000530167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a204304d31a8232021-12-21 11:26:42.194root 11241100x8000000000000000530168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a34a683b2ac38492021-12-21 11:26:42.194root 11241100x8000000000000000530169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81225c61453269862021-12-21 11:26:42.194root 11241100x8000000000000000530170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbecbff42f643e62021-12-21 11:26:42.194root 11241100x8000000000000000530171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4336de53bb60e5112021-12-21 11:26:42.194root 11241100x8000000000000000530172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8280077ff8767e42021-12-21 11:26:42.194root 11241100x8000000000000000530173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fffa8e5ee709b22021-12-21 11:26:42.194root 11241100x8000000000000000530174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1d0c5375b1daaf2021-12-21 11:26:42.194root 11241100x8000000000000000530175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10791d0f0280c6132021-12-21 11:26:42.195root 11241100x8000000000000000530176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865e3c0321928b1f2021-12-21 11:26:42.195root 11241100x8000000000000000530177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda065638d7b6d532021-12-21 11:26:42.195root 11241100x8000000000000000530178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a6e7d789a8d33b2021-12-21 11:26:42.694root 11241100x8000000000000000530179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a58cc4b9bfbc292021-12-21 11:26:42.694root 11241100x8000000000000000530180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68143d50d9dc3512021-12-21 11:26:42.694root 11241100x8000000000000000530181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abc86659a09e5d32021-12-21 11:26:42.694root 11241100x8000000000000000530182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8f312c7c3997b12021-12-21 11:26:42.694root 11241100x8000000000000000530183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f3ff0b631e90d22021-12-21 11:26:42.694root 11241100x8000000000000000530184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7c3d00659318f02021-12-21 11:26:42.694root 11241100x8000000000000000530185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71114cd5b4d9b97d2021-12-21 11:26:42.695root 11241100x8000000000000000530186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b8c0a6601f076c2021-12-21 11:26:42.695root 11241100x8000000000000000530187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad6e5898b5d47ab2021-12-21 11:26:42.695root 11241100x8000000000000000530188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e19b100953c8da82021-12-21 11:26:42.695root 11241100x8000000000000000530189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beef038a9646da512021-12-21 11:26:42.695root 11241100x8000000000000000530190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ce4d7e852b80aa2021-12-21 11:26:42.695root 11241100x8000000000000000530191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d62854904efad92021-12-21 11:26:42.695root 11241100x8000000000000000530192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92df0e363931ab742021-12-21 11:26:42.695root 11241100x8000000000000000530193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a81be1514c99222021-12-21 11:26:42.695root 11241100x8000000000000000530194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdda190f8db71ef2021-12-21 11:26:42.695root 11241100x8000000000000000530195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3663f507a76a5522021-12-21 11:26:42.695root 11241100x8000000000000000530196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ad59b86ba7a0042021-12-21 11:26:42.696root 11241100x8000000000000000530197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab907171851ea8c82021-12-21 11:26:42.696root 11241100x8000000000000000530198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a77675dbb841adc2021-12-21 11:26:42.696root 11241100x8000000000000000530199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3fba24c0058e072021-12-21 11:26:42.696root 11241100x8000000000000000530200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31eb4c1b91f63d22021-12-21 11:26:42.696root 11241100x8000000000000000530201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfa72f1bbe8d78a2021-12-21 11:26:42.696root 11241100x8000000000000000530202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea92c0bf71965142021-12-21 11:26:42.696root 354300x8000000000000000530203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.155{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48548-false10.0.1.12-8000- 11241100x8000000000000000530204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e71774ef6d40692021-12-21 11:26:43.156root 11241100x8000000000000000530205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b773769238de5d62021-12-21 11:26:43.156root 11241100x8000000000000000530206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a741c8274c31852021-12-21 11:26:43.156root 11241100x8000000000000000530207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4177771135d3b62021-12-21 11:26:43.157root 11241100x8000000000000000530208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54d475f8410d9512021-12-21 11:26:43.157root 11241100x8000000000000000530209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd48dcfcd66efc22021-12-21 11:26:43.157root 11241100x8000000000000000530210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bbe3dd2fbd04b62021-12-21 11:26:43.157root 11241100x8000000000000000530211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899efe4dffd85aed2021-12-21 11:26:43.157root 11241100x8000000000000000530212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f464abac2d551d282021-12-21 11:26:43.157root 11241100x8000000000000000530213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c84e5112fdb731f2021-12-21 11:26:43.157root 11241100x8000000000000000530214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43a6b52d986d06b2021-12-21 11:26:43.157root 11241100x8000000000000000530215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dd48ae2f62f4052021-12-21 11:26:43.157root 11241100x8000000000000000530216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1372656c8a321b882021-12-21 11:26:43.157root 11241100x8000000000000000530217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11d13f91c78255f2021-12-21 11:26:43.157root 11241100x8000000000000000530218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8607e40e5ec53d52021-12-21 11:26:43.157root 11241100x8000000000000000530219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14418e4a975fe8f2021-12-21 11:26:43.157root 11241100x8000000000000000530220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2dcd189cb5e0022021-12-21 11:26:43.157root 11241100x8000000000000000530221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:43.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15aeb0dcba9827b2021-12-21 11:26:43.158root 354300x8000000000000000530249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:54.187{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48552-false10.0.1.12-8000- 11241100x8000000000000000530250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f608992fc46b532a2021-12-21 11:26:54.442root 11241100x8000000000000000530251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0b433b015661d92021-12-21 11:26:54.942root 11241100x8000000000000000530252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7183e6f3d4160402021-12-21 11:26:55.442root 11241100x8000000000000000530253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:55.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f78aba5cf6b8ec12021-12-21 11:26:55.942root 11241100x8000000000000000530254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:56.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9da5fb8b9098e92021-12-21 11:26:56.442root 11241100x8000000000000000530255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8e69c6cb1384632021-12-21 11:26:56.942root 11241100x8000000000000000530256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1a5971bb01b9bc2021-12-21 11:26:57.442root 11241100x8000000000000000530257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02e2b12cd76c1902021-12-21 11:26:57.942root 11241100x8000000000000000530258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9245a4d56c7112e02021-12-21 11:26:58.442root 11241100x8000000000000000530259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:58.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9896b30e8bbdf3cc2021-12-21 11:26:58.942root 11241100x8000000000000000530260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:59.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7301b08c4b90bd022021-12-21 11:26:59.442root 11241100x8000000000000000530261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:26:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc862b06fafc48162021-12-21 11:26:59.942root 354300x8000000000000000530262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.122{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48554-false10.0.1.12-8000- 11241100x8000000000000000530263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b8f015ebca67522021-12-21 11:27:00.442root 11241100x8000000000000000530264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9787a7167c9f8d32021-12-21 11:27:00.443root 154100x8000000000000000530265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.650{ec2b6afe-ba04-61c1-e806-24b3da550000}9865/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000530266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.653{ec2b6afe-ba04-61c1-e806-24b3da550000}9865/bin/lsubuntu 11241100x8000000000000000530267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a5b4a924f280862021-12-21 11:27:00.943root 11241100x8000000000000000530268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6631e48cb69c41c2021-12-21 11:27:00.943root 11241100x8000000000000000530269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038bace800029e2e2021-12-21 11:27:00.943root 11241100x8000000000000000530270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c345c97cccfdb0172021-12-21 11:27:00.943root 11241100x8000000000000000530271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35c1a784b18ce842021-12-21 11:27:01.443root 11241100x8000000000000000530272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598c6c80f867d83c2021-12-21 11:27:01.443root 11241100x8000000000000000530273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392a85ce1bd3623f2021-12-21 11:27:01.443root 11241100x8000000000000000530274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cb7daa235f15932021-12-21 11:27:01.443root 11241100x8000000000000000530275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799041c6a59bed022021-12-21 11:27:01.942root 11241100x8000000000000000530276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edba1f656f380b9a2021-12-21 11:27:01.943root 11241100x8000000000000000530277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc2c089fe2373502021-12-21 11:27:01.943root 11241100x8000000000000000530278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70312101c6970dce2021-12-21 11:27:01.943root 11241100x8000000000000000530279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c356ea6ee2a17f92021-12-21 11:27:02.442root 11241100x8000000000000000530280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24992fde2c12cd72021-12-21 11:27:02.443root 11241100x8000000000000000530281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7003d093b10a01f82021-12-21 11:27:02.443root 11241100x8000000000000000530282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad15ec20ea7e5e22021-12-21 11:27:02.443root 11241100x8000000000000000530283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e9fee59a9de4802021-12-21 11:27:02.942root 11241100x8000000000000000530284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173b13069a86f46c2021-12-21 11:27:02.943root 11241100x8000000000000000530285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfac59cb34f253d2021-12-21 11:27:02.943root 11241100x8000000000000000530286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959faab6a40047042021-12-21 11:27:02.943root 11241100x8000000000000000530287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b05575d6dae81f2021-12-21 11:27:03.443root 11241100x8000000000000000530288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c119870a8b57e8012021-12-21 11:27:03.443root 11241100x8000000000000000530289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7daa87a896f11a22021-12-21 11:27:03.443root 11241100x8000000000000000530290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84e338a0efbed162021-12-21 11:27:03.443root 11241100x8000000000000000530291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:03.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b01440ffa76c01d2021-12-21 11:27:03.942root 11241100x8000000000000000530292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3446c4ad1dfc01ec2021-12-21 11:27:03.943root 11241100x8000000000000000530293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1e2f39eb1137562021-12-21 11:27:03.943root 11241100x8000000000000000530294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88af7f537d68cb7f2021-12-21 11:27:03.943root 11241100x8000000000000000530295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9cc486d81eabd32021-12-21 11:27:04.442root 11241100x8000000000000000530296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c46f4621b4c4e502021-12-21 11:27:04.443root 11241100x8000000000000000530297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18503d1a35cc34502021-12-21 11:27:04.443root 11241100x8000000000000000530298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069d0df5b3acc5412021-12-21 11:27:04.443root 11241100x8000000000000000530299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7e7ed2ec25a33b2021-12-21 11:27:04.942root 11241100x8000000000000000530300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9340b3913dd61d2021-12-21 11:27:04.943root 11241100x8000000000000000530301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9449076822b3b1d72021-12-21 11:27:04.943root 11241100x8000000000000000530302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d784ab963f69d6a2021-12-21 11:27:04.943root 354300x8000000000000000530303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.145{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48556-false10.0.1.12-8000- 11241100x8000000000000000530304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394fd6ccf5e1248b2021-12-21 11:27:05.443root 11241100x8000000000000000530305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f0f0b908d009e22021-12-21 11:27:05.443root 11241100x8000000000000000530306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7942d70eb00d95572021-12-21 11:27:05.443root 11241100x8000000000000000530307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28efa8337c9fa1512021-12-21 11:27:05.443root 11241100x8000000000000000530308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5358890e6993ee4d2021-12-21 11:27:05.443root 11241100x8000000000000000530309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f259ab2b1b99b5b2021-12-21 11:27:05.943root 11241100x8000000000000000530310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bd79261ce39e912021-12-21 11:27:05.943root 11241100x8000000000000000530311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e27db85616423e2021-12-21 11:27:05.943root 11241100x8000000000000000530312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e594969767ed682021-12-21 11:27:05.943root 11241100x8000000000000000530313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94beacb170bfad492021-12-21 11:27:05.943root 11241100x8000000000000000530314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:27:06.327root 11241100x8000000000000000530315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64af0c1ba51afe32021-12-21 11:27:06.328root 11241100x8000000000000000530316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586e32da13cfe51c2021-12-21 11:27:06.328root 11241100x8000000000000000530317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2ff8047ae68d9e2021-12-21 11:27:06.328root 11241100x8000000000000000530318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9240f2166885312021-12-21 11:27:06.329root 11241100x8000000000000000530319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fb908443469af72021-12-21 11:27:06.329root 11241100x8000000000000000530320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918e4b2d2ff0f53a2021-12-21 11:27:06.329root 11241100x8000000000000000530321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43d3f6bcc09bd492021-12-21 11:27:06.693root 11241100x8000000000000000530322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3c865fec0389af2021-12-21 11:27:06.693root 11241100x8000000000000000530323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f449e0aafe8393e2021-12-21 11:27:06.693root 11241100x8000000000000000530324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42867361bcb00322021-12-21 11:27:06.693root 11241100x8000000000000000530325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e6786dc5eaf55e2021-12-21 11:27:06.693root 11241100x8000000000000000530326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123b2dfc4ce255e42021-12-21 11:27:06.693root 11241100x8000000000000000530327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51d707cb1ffc7f62021-12-21 11:27:07.193root 11241100x8000000000000000530328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a509ea66e16816a2021-12-21 11:27:07.193root 11241100x8000000000000000530329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6b9f357a021eb22021-12-21 11:27:07.193root 11241100x8000000000000000530330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a47a8f5e1e55c142021-12-21 11:27:07.193root 11241100x8000000000000000530331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b35d00e50ba7102021-12-21 11:27:07.193root 11241100x8000000000000000530332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97a9980a366d9312021-12-21 11:27:07.193root 11241100x8000000000000000530333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ddf82ef89a6fd12021-12-21 11:27:07.693root 11241100x8000000000000000530334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d4ccdf25dd3c5f2021-12-21 11:27:07.693root 11241100x8000000000000000530335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306550910692956c2021-12-21 11:27:07.693root 11241100x8000000000000000530336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e4a59d832f17ca2021-12-21 11:27:07.693root 11241100x8000000000000000530337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df25f4c8a386c882021-12-21 11:27:07.693root 11241100x8000000000000000530338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9379cb24e650bf822021-12-21 11:27:07.693root 11241100x8000000000000000530339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e05e12edbceaaa2021-12-21 11:27:08.192root 11241100x8000000000000000530340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43966b185c7ff10e2021-12-21 11:27:08.193root 11241100x8000000000000000530341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ea27dfe62e4f142021-12-21 11:27:08.193root 11241100x8000000000000000530342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef116117188020d2021-12-21 11:27:08.193root 11241100x8000000000000000530343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb78347a90bab882021-12-21 11:27:08.193root 11241100x8000000000000000530344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1380bee17d8fc9ea2021-12-21 11:27:08.193root 11241100x8000000000000000530345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3947094249af8a92021-12-21 11:27:08.693root 11241100x8000000000000000530346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e1d1a063a6d0e32021-12-21 11:27:08.693root 11241100x8000000000000000530347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048eb59883e70792021-12-21 11:27:08.693root 11241100x8000000000000000530348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e42e62d395b69a2021-12-21 11:27:08.693root 11241100x8000000000000000530349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c783f16efc4f5d12021-12-21 11:27:08.693root 11241100x8000000000000000530350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802f8005f54483e22021-12-21 11:27:08.693root 11241100x8000000000000000530351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe81badccdb33f72021-12-21 11:27:09.193root 11241100x8000000000000000530352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc95f1c7385833e2021-12-21 11:27:09.193root 11241100x8000000000000000530353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf427bde7c635312021-12-21 11:27:09.193root 11241100x8000000000000000530354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dd31c01e7bc9292021-12-21 11:27:09.193root 11241100x8000000000000000530355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2867a5cdeac0c34c2021-12-21 11:27:09.193root 11241100x8000000000000000530356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869d16691a752df82021-12-21 11:27:09.193root 23542300x8000000000000000530357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000530358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a522a9ede995e932021-12-21 11:27:09.693root 11241100x8000000000000000530359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b7f79f58e9e48b2021-12-21 11:27:09.693root 11241100x8000000000000000530360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa62814eeef68472021-12-21 11:27:09.693root 11241100x8000000000000000530361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ee1c7df058ec02021-12-21 11:27:09.693root 11241100x8000000000000000530362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81676474faab2a32021-12-21 11:27:09.693root 11241100x8000000000000000530363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccfd0767b0b9f7a2021-12-21 11:27:09.693root 11241100x8000000000000000530364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffe54e80ad1b7282021-12-21 11:27:09.693root 354300x8000000000000000530365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.164{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48558-false10.0.1.12-8000- 11241100x8000000000000000530366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53778bb018e8399b2021-12-21 11:27:10.165root 11241100x8000000000000000530367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6f828e9ad0f4662021-12-21 11:27:10.165root 11241100x8000000000000000530368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c705a19398f29b2021-12-21 11:27:10.165root 11241100x8000000000000000530369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bd83dc4c0142132021-12-21 11:27:10.165root 11241100x8000000000000000530370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60db5ce44b4da88d2021-12-21 11:27:10.166root 11241100x8000000000000000530371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f91f108b566fa32021-12-21 11:27:10.166root 11241100x8000000000000000530372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adfb339edbf6a762021-12-21 11:27:10.166root 11241100x8000000000000000530373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0c876ef6394c192021-12-21 11:27:10.166root 11241100x8000000000000000530374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7d8c9ee06a44212021-12-21 11:27:10.443root 11241100x8000000000000000530375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b30d73786760132021-12-21 11:27:10.443root 11241100x8000000000000000530376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956047b09891a13f2021-12-21 11:27:10.443root 11241100x8000000000000000530377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888770eb8594a1dc2021-12-21 11:27:10.443root 11241100x8000000000000000530378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4544908742cd6b22021-12-21 11:27:10.443root 11241100x8000000000000000530379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74880f055d84891e2021-12-21 11:27:10.443root 11241100x8000000000000000530380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0daa860bc027eba2021-12-21 11:27:10.443root 11241100x8000000000000000530381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7809356dcd5f363e2021-12-21 11:27:10.443root 11241100x8000000000000000530382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11b3e329239d402021-12-21 11:27:10.943root 11241100x8000000000000000530383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f264d03f71509fd2021-12-21 11:27:10.943root 11241100x8000000000000000530384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b9c3ce43baa83b2021-12-21 11:27:10.943root 11241100x8000000000000000530385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42a2cf4a284c7282021-12-21 11:27:10.943root 11241100x8000000000000000530386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b5f5ae640ff9012021-12-21 11:27:10.943root 11241100x8000000000000000530387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd34d438d3cd667e2021-12-21 11:27:10.943root 11241100x8000000000000000530388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fba32070c555432021-12-21 11:27:10.944root 11241100x8000000000000000530389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f8fb3e97324d862021-12-21 11:27:10.944root 534500x8000000000000000530390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:10.950{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x8000000000000000530391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dc440d181c28652021-12-21 11:27:11.443root 11241100x8000000000000000530392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5b469829b7ffeb2021-12-21 11:27:11.443root 11241100x8000000000000000530393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e155fca12fadb42021-12-21 11:27:11.443root 11241100x8000000000000000530394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162d98e7a68f1c42021-12-21 11:27:11.443root 11241100x8000000000000000530395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af85622176b2da052021-12-21 11:27:11.443root 11241100x8000000000000000530396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507dbdc70c29e2892021-12-21 11:27:11.443root 11241100x8000000000000000530397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09826399dbcaaa02021-12-21 11:27:11.443root 11241100x8000000000000000530398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6307736ca78e2bd2021-12-21 11:27:11.443root 11241100x8000000000000000530399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a81b67f234eb4262021-12-21 11:27:11.444root 11241100x8000000000000000530400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df250dfcd732914e2021-12-21 11:27:11.943root 11241100x8000000000000000530401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fbe888843c061a2021-12-21 11:27:11.943root 11241100x8000000000000000530402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1cd765781496532021-12-21 11:27:11.943root 11241100x8000000000000000530403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ad9916e7f386022021-12-21 11:27:11.943root 11241100x8000000000000000530404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5557c81f430136f22021-12-21 11:27:11.943root 11241100x8000000000000000530405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc340077cad47692021-12-21 11:27:11.943root 11241100x8000000000000000530406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99b0c5ea778822e2021-12-21 11:27:11.943root 11241100x8000000000000000530407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc30f2d81eadab2a2021-12-21 11:27:11.944root 11241100x8000000000000000530408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef10f8612ed0c82021-12-21 11:27:11.944root 11241100x8000000000000000530409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c2afa597862f052021-12-21 11:27:12.443root 11241100x8000000000000000530410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e843bbaf60da2502021-12-21 11:27:12.443root 11241100x8000000000000000530411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db49c20b1439b6ca2021-12-21 11:27:12.443root 11241100x8000000000000000530412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a55fd78aba63cb62021-12-21 11:27:12.443root 11241100x8000000000000000530413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0672c4395ff2c60e2021-12-21 11:27:12.443root 11241100x8000000000000000530414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfea0db458632142021-12-21 11:27:12.443root 11241100x8000000000000000530415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e215f4f3ecb942112021-12-21 11:27:12.443root 11241100x8000000000000000530416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e78cab625c08aae2021-12-21 11:27:12.443root 11241100x8000000000000000530417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5b9c6ad616d76f2021-12-21 11:27:12.443root 11241100x8000000000000000530418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c34a76b18eaa56c2021-12-21 11:27:12.943root 11241100x8000000000000000530419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d299d8935575b12021-12-21 11:27:12.943root 11241100x8000000000000000530420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180cd6af38b2d61f2021-12-21 11:27:12.943root 11241100x8000000000000000530421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8f36abf43ba9c12021-12-21 11:27:12.943root 11241100x8000000000000000530422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb6cec1f2de24452021-12-21 11:27:12.943root 11241100x8000000000000000530423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fe5f8539b8d1302021-12-21 11:27:12.943root 11241100x8000000000000000530424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edc703397bc83322021-12-21 11:27:12.943root 11241100x8000000000000000530425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e89babe994b2952021-12-21 11:27:12.943root 11241100x8000000000000000530426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dfb069c67a00752021-12-21 11:27:12.943root 11241100x8000000000000000530427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c604f5836ee73f2021-12-21 11:27:13.443root 11241100x8000000000000000530428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8317055379d899692021-12-21 11:27:13.443root 11241100x8000000000000000530429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373f9442a14f8d942021-12-21 11:27:13.443root 11241100x8000000000000000530430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508ecc571bcf4de02021-12-21 11:27:13.443root 11241100x8000000000000000530431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897ab9082b7086502021-12-21 11:27:13.443root 11241100x8000000000000000530432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3296b3eb3b66e1d2021-12-21 11:27:13.443root 11241100x8000000000000000530433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f59d922f4c4be12021-12-21 11:27:13.443root 11241100x8000000000000000530434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52fca80fcd409cd2021-12-21 11:27:13.443root 11241100x8000000000000000530435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddaee2a7f98e36f32021-12-21 11:27:13.443root 11241100x8000000000000000530436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c37d6a3500672c2021-12-21 11:27:13.942root 11241100x8000000000000000530437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2077d627f19aa3c62021-12-21 11:27:13.943root 11241100x8000000000000000530438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3763a2e69830a2a2021-12-21 11:27:13.943root 11241100x8000000000000000530439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37da944e8f411362021-12-21 11:27:13.943root 11241100x8000000000000000530440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f999a3b9f6138442021-12-21 11:27:13.943root 11241100x8000000000000000530441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a98bfe4a33a7972021-12-21 11:27:13.944root 11241100x8000000000000000530442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28abd67598ffa78a2021-12-21 11:27:13.944root 11241100x8000000000000000530443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482b0c386538e2e52021-12-21 11:27:13.944root 11241100x8000000000000000530444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4157aef54d348072021-12-21 11:27:13.944root 11241100x8000000000000000530445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9037a378e452802021-12-21 11:27:14.443root 11241100x8000000000000000530446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6d0a7ba286a8832021-12-21 11:27:14.443root 11241100x8000000000000000530447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133b808adac8a9222021-12-21 11:27:14.443root 11241100x8000000000000000530448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27babc81ea2349362021-12-21 11:27:14.443root 11241100x8000000000000000530449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec353884c432c8a2021-12-21 11:27:14.443root 11241100x8000000000000000530450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa84d4aa559fb0652021-12-21 11:27:14.443root 11241100x8000000000000000530451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254464ecad12a7812021-12-21 11:27:14.443root 11241100x8000000000000000530452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2768fd39add72012021-12-21 11:27:14.443root 11241100x8000000000000000530453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d1b55fdcfe75af2021-12-21 11:27:14.444root 11241100x8000000000000000530454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bebe4341777e012021-12-21 11:27:14.943root 11241100x8000000000000000530455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86748af562446fb2021-12-21 11:27:14.943root 11241100x8000000000000000530456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b3b6991af9e5a22021-12-21 11:27:14.943root 11241100x8000000000000000530457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c299bb25d2740a82021-12-21 11:27:14.943root 11241100x8000000000000000530458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d7769edb492cc92021-12-21 11:27:14.943root 11241100x8000000000000000530459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909fe60885bbd8b02021-12-21 11:27:14.943root 11241100x8000000000000000530460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59807622942b8632021-12-21 11:27:14.943root 11241100x8000000000000000530461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb1caac9911de0e2021-12-21 11:27:14.943root 11241100x8000000000000000530462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d649c0422b23e6b72021-12-21 11:27:14.943root 11241100x8000000000000000530463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352455a447e58df82021-12-21 11:27:15.443root 11241100x8000000000000000530464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ed62a2b987ede82021-12-21 11:27:15.443root 11241100x8000000000000000530465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88034086d8d9f50d2021-12-21 11:27:15.443root 11241100x8000000000000000530466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9800428c6756f992021-12-21 11:27:15.443root 11241100x8000000000000000530467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e0211973321af2021-12-21 11:27:15.443root 11241100x8000000000000000530468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856f21cf2892dd3c2021-12-21 11:27:15.443root 11241100x8000000000000000530469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915aeb09036a8e6a2021-12-21 11:27:15.443root 11241100x8000000000000000530470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c701187810ad392021-12-21 11:27:15.443root 11241100x8000000000000000530471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b806aa82eb34e72021-12-21 11:27:15.444root 154100x8000000000000000530472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.898{ec2b6afe-ba13-61c1-6804-739c99550000}9867/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000530473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f75359d25d25e42021-12-21 11:27:15.899root 11241100x8000000000000000530474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6ee68d37412b5e2021-12-21 11:27:15.899root 11241100x8000000000000000530475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ba9db721255212021-12-21 11:27:15.899root 11241100x8000000000000000530476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db0f13504bb62372021-12-21 11:27:15.900root 11241100x8000000000000000530477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc58a7f04d22e0992021-12-21 11:27:15.900root 11241100x8000000000000000530478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b60c8eab3330dd2021-12-21 11:27:15.900root 11241100x8000000000000000530479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f76b26275866ef62021-12-21 11:27:15.900root 11241100x8000000000000000530480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221e091619f349542021-12-21 11:27:15.900root 11241100x8000000000000000530481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8719f3d0e67f7f5d2021-12-21 11:27:15.900root 11241100x8000000000000000530482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116ae97db86a8b942021-12-21 11:27:15.900root 534500x8000000000000000530483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:15.907{ec2b6afe-ba13-61c1-6804-739c99550000}9867/bin/psroot 354300x8000000000000000530484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.068{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48560-false10.0.1.12-8000- 11241100x8000000000000000530485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f2f99cabb512532021-12-21 11:27:16.193root 11241100x8000000000000000530486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb2f5e4bc22af572021-12-21 11:27:16.193root 11241100x8000000000000000530487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d12c28e7cb029712021-12-21 11:27:16.193root 11241100x8000000000000000530488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41afaee12fc5193b2021-12-21 11:27:16.193root 11241100x8000000000000000530489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae05cd1ba6cb9342021-12-21 11:27:16.193root 11241100x8000000000000000530490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee1e4ec06143ccd2021-12-21 11:27:16.193root 11241100x8000000000000000530491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e599fa533819de2021-12-21 11:27:16.193root 11241100x8000000000000000530492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9538d6d552ba56782021-12-21 11:27:16.194root 11241100x8000000000000000530493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed624a0bdc68a6372021-12-21 11:27:16.194root 11241100x8000000000000000530494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861e450c2786e2492021-12-21 11:27:16.194root 11241100x8000000000000000530495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bdc07cbc83cc2a2021-12-21 11:27:16.194root 11241100x8000000000000000530496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f5c48cc0c213fc2021-12-21 11:27:16.194root 11241100x8000000000000000530497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fb27de610c7c6f2021-12-21 11:27:16.693root 11241100x8000000000000000530498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da490e387c2c932021-12-21 11:27:16.693root 11241100x8000000000000000530499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c28c31df23cfbc2021-12-21 11:27:16.693root 11241100x8000000000000000530500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d56bd04ec90e022021-12-21 11:27:16.693root 11241100x8000000000000000530501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4671ae70cccd24e2021-12-21 11:27:16.693root 11241100x8000000000000000530502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdd0442796012a12021-12-21 11:27:16.693root 11241100x8000000000000000530503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91498dba45a6815e2021-12-21 11:27:16.693root 11241100x8000000000000000530504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a98aa405eea9492021-12-21 11:27:16.694root 11241100x8000000000000000530505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61212cc4d1ca522d2021-12-21 11:27:16.694root 11241100x8000000000000000530506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0364805da8a7570c2021-12-21 11:27:16.694root 11241100x8000000000000000530507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347f7ca3e403f3e42021-12-21 11:27:16.694root 11241100x8000000000000000530508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43e6e95ddd1d70f2021-12-21 11:27:16.694root 11241100x8000000000000000530509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce83e734d3bc12c2021-12-21 11:27:17.193root 11241100x8000000000000000530510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d22727ac94a9982021-12-21 11:27:17.193root 11241100x8000000000000000530511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bcaa5d080e6d552021-12-21 11:27:17.193root 11241100x8000000000000000530512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d0cab5841db3f42021-12-21 11:27:17.193root 11241100x8000000000000000530513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0503b91cce4157af2021-12-21 11:27:17.193root 11241100x8000000000000000530514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2214c0547b6c30872021-12-21 11:27:17.193root 11241100x8000000000000000530515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66be2dff4e9f15a2021-12-21 11:27:17.193root 11241100x8000000000000000530516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082cf14f559185b12021-12-21 11:27:17.193root 11241100x8000000000000000530517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ec9c4d176c8d042021-12-21 11:27:17.193root 11241100x8000000000000000530518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89bc6dc003337c62021-12-21 11:27:17.194root 11241100x8000000000000000530519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa74db9f13d2b0e2021-12-21 11:27:17.194root 11241100x8000000000000000530520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d0528fb1f33a792021-12-21 11:27:17.194root 11241100x8000000000000000530521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffe8ccbc9a555a62021-12-21 11:27:17.693root 11241100x8000000000000000530522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471ea76b060becba2021-12-21 11:27:17.693root 11241100x8000000000000000530523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39589118ccc74cb2021-12-21 11:27:17.693root 11241100x8000000000000000530524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25386b3f0ed4c1022021-12-21 11:27:17.693root 11241100x8000000000000000530525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3187f2be51e1c5e2021-12-21 11:27:17.693root 11241100x8000000000000000530526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283d8a3956dde24c2021-12-21 11:27:17.693root 11241100x8000000000000000530527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a487a7d3d195b6e52021-12-21 11:27:17.693root 11241100x8000000000000000530528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4578befdec1585602021-12-21 11:27:17.693root 11241100x8000000000000000530529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34f6643857bf5e02021-12-21 11:27:17.693root 11241100x8000000000000000530530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8ca4eb6ea248022021-12-21 11:27:17.694root 11241100x8000000000000000530531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80dd6d77937cb8c2021-12-21 11:27:17.694root 11241100x8000000000000000530532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac2402cdb9d4f672021-12-21 11:27:17.694root 11241100x8000000000000000530533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9808d70bcc6dd72021-12-21 11:27:18.193root 11241100x8000000000000000530534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8541399ab71f932021-12-21 11:27:18.193root 11241100x8000000000000000530535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36fa1ecf75062782021-12-21 11:27:18.193root 11241100x8000000000000000530536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3903054da8e356f02021-12-21 11:27:18.193root 11241100x8000000000000000530537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72536d1cbedec582021-12-21 11:27:18.193root 11241100x8000000000000000530538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbc78a30edc248d2021-12-21 11:27:18.193root 11241100x8000000000000000530539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce15dcd2392737292021-12-21 11:27:18.194root 11241100x8000000000000000530540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8e2ccf83a3da862021-12-21 11:27:18.194root 11241100x8000000000000000530541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f918b18147e532021-12-21 11:27:18.194root 11241100x8000000000000000530542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c349b5611bb4c42021-12-21 11:27:18.194root 11241100x8000000000000000530543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23694648536c7f212021-12-21 11:27:18.194root 11241100x8000000000000000530544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d23ffb5565b379f2021-12-21 11:27:18.194root 11241100x8000000000000000530545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57817e6b9107f4792021-12-21 11:27:18.693root 11241100x8000000000000000530546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aca4374dc84dc22021-12-21 11:27:18.693root 11241100x8000000000000000530547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aad59193c68ad5a2021-12-21 11:27:18.693root 11241100x8000000000000000530548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cba2255881adf62021-12-21 11:27:18.693root 11241100x8000000000000000530549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cf9448c7b3a76d2021-12-21 11:27:18.693root 11241100x8000000000000000530550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664a7e49108c82272021-12-21 11:27:18.693root 11241100x8000000000000000530551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389230e7bd905d7a2021-12-21 11:27:18.693root 11241100x8000000000000000530552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e51d42aeac455a2021-12-21 11:27:18.693root 11241100x8000000000000000530553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef7293415202ded2021-12-21 11:27:18.693root 11241100x8000000000000000530554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ca447bbc28138b2021-12-21 11:27:18.694root 11241100x8000000000000000530555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68ad478256951182021-12-21 11:27:18.694root 11241100x8000000000000000530556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a65b5beed40476c2021-12-21 11:27:18.694root 11241100x8000000000000000530557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b16a0989ff20d052021-12-21 11:27:19.193root 11241100x8000000000000000530558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfc7dcb20f6ba7b2021-12-21 11:27:19.193root 11241100x8000000000000000530559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda610a0581e76a62021-12-21 11:27:19.193root 11241100x8000000000000000530560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388797b4ad0e676d2021-12-21 11:27:19.193root 11241100x8000000000000000530561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df74d5444ac6c74b2021-12-21 11:27:19.193root 11241100x8000000000000000530562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f165b5f01fd63b122021-12-21 11:27:19.193root 11241100x8000000000000000530563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa4bd6b3489ffeb2021-12-21 11:27:19.193root 11241100x8000000000000000530564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84c5929ba964c5d2021-12-21 11:27:19.193root 11241100x8000000000000000530565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0f2a97d718dab42021-12-21 11:27:19.193root 11241100x8000000000000000530566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b22bb22d2555fbe2021-12-21 11:27:19.194root 11241100x8000000000000000530567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f228b652c8162322021-12-21 11:27:19.194root 11241100x8000000000000000530568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687799fe3553c9512021-12-21 11:27:19.194root 11241100x8000000000000000530569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42a4482266f559f2021-12-21 11:27:19.693root 11241100x8000000000000000530570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f513eff3a63cd2d2021-12-21 11:27:19.693root 11241100x8000000000000000530571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6efbb6e5eda9c942021-12-21 11:27:19.693root 11241100x8000000000000000530572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8916cc51999b6f72021-12-21 11:27:19.693root 11241100x8000000000000000530573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0aed59761ad6832021-12-21 11:27:19.693root 11241100x8000000000000000530574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa10c0fb6ccfb172021-12-21 11:27:19.693root 11241100x8000000000000000530575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4e841ed54efffe2021-12-21 11:27:19.693root 11241100x8000000000000000530576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8541587c4b91b2b2021-12-21 11:27:19.693root 11241100x8000000000000000530577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835bd851f9b639002021-12-21 11:27:19.693root 11241100x8000000000000000530578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb2c31a614df4202021-12-21 11:27:19.694root 11241100x8000000000000000530579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae4adca7687e3d72021-12-21 11:27:19.694root 11241100x8000000000000000530580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c32ed4190f2f5282021-12-21 11:27:19.694root 11241100x8000000000000000530581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af0173a2be785912021-12-21 11:27:20.193root 11241100x8000000000000000530582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb05b442c70ba4ff2021-12-21 11:27:20.193root 11241100x8000000000000000530583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284037336a350f8d2021-12-21 11:27:20.193root 11241100x8000000000000000530584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88033a32b34a11482021-12-21 11:27:20.193root 11241100x8000000000000000530585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492dad9cd5524cb52021-12-21 11:27:20.193root 11241100x8000000000000000530586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5808c139b0ae955f2021-12-21 11:27:20.193root 11241100x8000000000000000530587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545304bc67201ca62021-12-21 11:27:20.193root 11241100x8000000000000000530588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7ded3a7f6290e42021-12-21 11:27:20.193root 11241100x8000000000000000530589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae3e57367f4f0fd2021-12-21 11:27:20.193root 11241100x8000000000000000530590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7fe10c348362d22021-12-21 11:27:20.193root 11241100x8000000000000000530591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee48f3b00689772021-12-21 11:27:20.194root 11241100x8000000000000000530592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de7179f3497c4462021-12-21 11:27:20.194root 11241100x8000000000000000530593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66fd724b987f1f92021-12-21 11:27:20.693root 11241100x8000000000000000530594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7e311daeecf6872021-12-21 11:27:20.693root 11241100x8000000000000000530595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cff68e6039924f82021-12-21 11:27:20.693root 11241100x8000000000000000530596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65689d1586649ca32021-12-21 11:27:20.693root 11241100x8000000000000000530597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584b384c25f45f782021-12-21 11:27:20.693root 11241100x8000000000000000530598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5df4b96103195a2021-12-21 11:27:20.693root 11241100x8000000000000000530599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d100eae66180e42021-12-21 11:27:20.693root 11241100x8000000000000000530600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2438c231250dc33b2021-12-21 11:27:20.693root 11241100x8000000000000000530601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab28bd7893c7dc92021-12-21 11:27:20.693root 11241100x8000000000000000530602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f2f694a5a35ae72021-12-21 11:27:20.694root 11241100x8000000000000000530603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b54cc3a8469ce722021-12-21 11:27:20.694root 11241100x8000000000000000530604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5b88f4dba55fd52021-12-21 11:27:20.694root 354300x8000000000000000530605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.178{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48562-false10.0.1.12-8000- 11241100x8000000000000000530606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7086494e21073d9b2021-12-21 11:27:21.178root 11241100x8000000000000000530607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d504bc59f714a852021-12-21 11:27:21.178root 11241100x8000000000000000530608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147f5ac574fadbcc2021-12-21 11:27:21.178root 11241100x8000000000000000530609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd785913531444ac2021-12-21 11:27:21.178root 11241100x8000000000000000530610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144b9f65c5b17a542021-12-21 11:27:21.179root 11241100x8000000000000000530611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7f25206ca177552021-12-21 11:27:21.179root 11241100x8000000000000000530612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cae594d0eaeaec92021-12-21 11:27:21.179root 11241100x8000000000000000530613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a990479dc89525b32021-12-21 11:27:21.179root 11241100x8000000000000000530614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0294146c687624142021-12-21 11:27:21.179root 11241100x8000000000000000530615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2afd996eef4732c2021-12-21 11:27:21.179root 11241100x8000000000000000530616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd6a55065e2f5812021-12-21 11:27:21.179root 11241100x8000000000000000530617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa75955574770702021-12-21 11:27:21.179root 11241100x8000000000000000530618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef24ae75b1c94452021-12-21 11:27:21.179root 11241100x8000000000000000530619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20f29a0b5c2140e2021-12-21 11:27:21.443root 11241100x8000000000000000530620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c774c226a0e992402021-12-21 11:27:21.443root 11241100x8000000000000000530621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3249e78b3f9d2b42021-12-21 11:27:21.443root 11241100x8000000000000000530622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4921068a4f81f4a2021-12-21 11:27:21.444root 11241100x8000000000000000530623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972f524d144f0d112021-12-21 11:27:21.444root 11241100x8000000000000000530624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c601df774ce59ad52021-12-21 11:27:21.444root 11241100x8000000000000000530625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0652b7a8ecd75c2021-12-21 11:27:21.444root 11241100x8000000000000000530626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc2c33fc74210862021-12-21 11:27:21.444root 11241100x8000000000000000530627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe85ebc87e1e0852021-12-21 11:27:21.444root 11241100x8000000000000000530628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5971c12bd33569922021-12-21 11:27:21.444root 11241100x8000000000000000530629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6bcc92229474c82021-12-21 11:27:21.444root 11241100x8000000000000000530630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9cdc903be521042021-12-21 11:27:21.444root 11241100x8000000000000000530631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bb12acd6025dcf2021-12-21 11:27:21.445root 11241100x8000000000000000530632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc985f782c3bcb522021-12-21 11:27:21.943root 11241100x8000000000000000530633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c726e8a10aa7d60b2021-12-21 11:27:21.943root 11241100x8000000000000000530634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6be41c29379e602021-12-21 11:27:21.943root 11241100x8000000000000000530635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de7091c15fa39702021-12-21 11:27:21.943root 11241100x8000000000000000530636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecef3c035fe004542021-12-21 11:27:21.943root 11241100x8000000000000000530637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c58fa55c897e0042021-12-21 11:27:21.943root 11241100x8000000000000000530638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b48ca2fcaafcb62021-12-21 11:27:21.943root 11241100x8000000000000000530639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad170f5b3f81c102021-12-21 11:27:21.943root 11241100x8000000000000000530640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aad576d78819982021-12-21 11:27:21.944root 11241100x8000000000000000530641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c924c78e74caa762021-12-21 11:27:21.944root 11241100x8000000000000000530642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5b10cffe7b5cda2021-12-21 11:27:21.944root 11241100x8000000000000000530643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5d1ebf10f4f0512021-12-21 11:27:21.944root 11241100x8000000000000000530644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccb7c6982fc0ffb2021-12-21 11:27:21.944root 11241100x8000000000000000530645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54561f52c0c386f2021-12-21 11:27:22.443root 11241100x8000000000000000530646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b965af3a9a07302021-12-21 11:27:22.443root 11241100x8000000000000000530647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b6e72600757f62021-12-21 11:27:22.443root 11241100x8000000000000000530648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcd6c254664c6a12021-12-21 11:27:22.443root 11241100x8000000000000000530649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf49ef72fdfbd8a2021-12-21 11:27:22.443root 11241100x8000000000000000530650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c03eb62631477e2021-12-21 11:27:22.443root 11241100x8000000000000000530651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f531774fd5d3328e2021-12-21 11:27:22.444root 11241100x8000000000000000530652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dbfdce793dd7ec2021-12-21 11:27:22.444root 11241100x8000000000000000530653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef6d71a9aa2eb902021-12-21 11:27:22.444root 11241100x8000000000000000530654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5297ac9df1c1bc602021-12-21 11:27:22.444root 11241100x8000000000000000530655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1187c411382a43b2021-12-21 11:27:22.444root 11241100x8000000000000000530656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39d791f1c35837f2021-12-21 11:27:22.444root 11241100x8000000000000000530657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752b34d6a7696f222021-12-21 11:27:22.444root 11241100x8000000000000000530658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a99b26916846bf2021-12-21 11:27:22.943root 11241100x8000000000000000530659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb68b4a3e4aa7792021-12-21 11:27:22.943root 11241100x8000000000000000530660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585ae4a89fb285fd2021-12-21 11:27:22.943root 11241100x8000000000000000530661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698d4736ea9869cb2021-12-21 11:27:22.943root 11241100x8000000000000000530662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a259681e8c798ad32021-12-21 11:27:22.943root 11241100x8000000000000000530663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3825c987ec3ccde32021-12-21 11:27:22.943root 11241100x8000000000000000530664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fdb685c30991b2021-12-21 11:27:22.944root 11241100x8000000000000000530665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69780466147ec092021-12-21 11:27:22.944root 11241100x8000000000000000530666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff8220be2ac656d2021-12-21 11:27:22.944root 11241100x8000000000000000530667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1107b78278045762021-12-21 11:27:22.944root 11241100x8000000000000000530668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b95875c84b3ba62021-12-21 11:27:22.944root 11241100x8000000000000000530669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff9b41b4e8638012021-12-21 11:27:22.944root 11241100x8000000000000000530670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3466d44c60b180142021-12-21 11:27:22.944root 11241100x8000000000000000530671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c1ebf2f37e411b2021-12-21 11:27:23.443root 11241100x8000000000000000530672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee69537c3ad35662021-12-21 11:27:23.443root 11241100x8000000000000000530673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e5601d6bb97bf72021-12-21 11:27:23.443root 11241100x8000000000000000530674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5983425b0a7855a42021-12-21 11:27:23.443root 11241100x8000000000000000530675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6c70b35d6e35932021-12-21 11:27:23.443root 11241100x8000000000000000530676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b54e0b91180e4a02021-12-21 11:27:23.443root 11241100x8000000000000000530677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882a880ba5b5b6432021-12-21 11:27:23.443root 11241100x8000000000000000530678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cfb2a6ba49ff6a2021-12-21 11:27:23.444root 11241100x8000000000000000530679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9f0ec2fbd672ce2021-12-21 11:27:23.444root 11241100x8000000000000000530680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb52cdafafdbc72021-12-21 11:27:23.444root 11241100x8000000000000000530681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12beb5a0b64d1bff2021-12-21 11:27:23.444root 11241100x8000000000000000530682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6574816e2ac89f582021-12-21 11:27:23.444root 11241100x8000000000000000530683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd06ee12a3d52942021-12-21 11:27:23.444root 11241100x8000000000000000530684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef20f537b761e0ba2021-12-21 11:27:23.943root 11241100x8000000000000000530685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89af972456e672532021-12-21 11:27:23.943root 11241100x8000000000000000530686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6f7dbd7165dfd32021-12-21 11:27:23.943root 11241100x8000000000000000530687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8983823ce09bd4e52021-12-21 11:27:23.943root 11241100x8000000000000000530688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9d83cc1163983a2021-12-21 11:27:23.943root 11241100x8000000000000000530689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b785f79407cd44912021-12-21 11:27:23.943root 11241100x8000000000000000530690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971e9d993d0fa5fe2021-12-21 11:27:23.943root 11241100x8000000000000000530691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae1444132c56092021-12-21 11:27:23.943root 11241100x8000000000000000530692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4a4e180b95186f2021-12-21 11:27:23.944root 11241100x8000000000000000530693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189d6550dde908a62021-12-21 11:27:23.944root 11241100x8000000000000000530694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b340b89153d4b972021-12-21 11:27:23.944root 11241100x8000000000000000530695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde46b4f0ed1ae502021-12-21 11:27:23.944root 11241100x8000000000000000530696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900487ec62b651612021-12-21 11:27:23.944root 11241100x8000000000000000530697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb6a15f8102fa8c2021-12-21 11:27:24.443root 11241100x8000000000000000530698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b651a92d333d2682021-12-21 11:27:24.443root 11241100x8000000000000000530699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862ac77e2269f4282021-12-21 11:27:24.443root 11241100x8000000000000000530700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226a89fea7dfd49b2021-12-21 11:27:24.443root 11241100x8000000000000000530701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaacb24ca4201b42021-12-21 11:27:24.443root 11241100x8000000000000000530702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb30c2420ab729b52021-12-21 11:27:24.444root 11241100x8000000000000000530703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f394d821f16992b2021-12-21 11:27:24.444root 11241100x8000000000000000530704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f3966cb2690e182021-12-21 11:27:24.444root 11241100x8000000000000000530705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edea27d5088ac6f2021-12-21 11:27:24.444root 11241100x8000000000000000530706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472636712e1e8c3a2021-12-21 11:27:24.444root 11241100x8000000000000000530707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d414a464d250db2021-12-21 11:27:24.444root 11241100x8000000000000000530708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e03f4aedc1d529b2021-12-21 11:27:24.444root 11241100x8000000000000000530709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31c3fb3476cc7872021-12-21 11:27:24.444root 11241100x8000000000000000530710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae7f359dd7761782021-12-21 11:27:24.943root 11241100x8000000000000000530711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1201c312caab4e2021-12-21 11:27:24.943root 11241100x8000000000000000530712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0121d36db908b72021-12-21 11:27:24.943root 11241100x8000000000000000530713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f160d61dee1d8f2021-12-21 11:27:24.943root 11241100x8000000000000000530714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1c2828fb0ef24e2021-12-21 11:27:24.943root 11241100x8000000000000000530715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959ecd840e15b9042021-12-21 11:27:24.943root 11241100x8000000000000000530716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43beb79dbac27b202021-12-21 11:27:24.943root 11241100x8000000000000000530717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c12b6b39d4a81562021-12-21 11:27:24.944root 11241100x8000000000000000530718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c63ca577d9730962021-12-21 11:27:24.944root 11241100x8000000000000000530719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc85e99b4f7e8bdd2021-12-21 11:27:24.944root 11241100x8000000000000000530720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa657bbaf63fcc72021-12-21 11:27:24.944root 11241100x8000000000000000530721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f91564b9196d2452021-12-21 11:27:24.944root 11241100x8000000000000000530722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378916bb5c8235692021-12-21 11:27:24.944root 11241100x8000000000000000530723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6089a1a155b906cc2021-12-21 11:27:25.443root 11241100x8000000000000000530724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163a1a99f3b1f9812021-12-21 11:27:25.443root 11241100x8000000000000000530725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c090e743311d973f2021-12-21 11:27:25.443root 11241100x8000000000000000530726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88f9e5d5b7f45cf2021-12-21 11:27:25.443root 11241100x8000000000000000530727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86d347f8255711b2021-12-21 11:27:25.443root 11241100x8000000000000000530728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb9fe9da4b6ecad2021-12-21 11:27:25.443root 11241100x8000000000000000530729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3a3f5b5248653e2021-12-21 11:27:25.443root 11241100x8000000000000000530730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb8169b0a56272e2021-12-21 11:27:25.443root 11241100x8000000000000000530731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef20f86f5181451b2021-12-21 11:27:25.444root 11241100x8000000000000000530732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fd79c83e0f9f662021-12-21 11:27:25.444root 11241100x8000000000000000530733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2045b669ad1c5b2021-12-21 11:27:25.444root 11241100x8000000000000000530734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caf127e5e88171c2021-12-21 11:27:25.444root 11241100x8000000000000000530735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9812cb6f4eeb7dd92021-12-21 11:27:25.444root 354300x8000000000000000530736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.459{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35628-false10.0.1.12-8089- 154100x8000000000000000530737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.467{ec2b6afe-ba1d-61c1-8087-e94b73550000}9868/sbin/setcap-----setcap cap_net_raw+ep ./hello_test/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000530738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.469{ec2b6afe-ba1d-61c1-8087-e94b73550000}9868/sbin/setcapubuntu 11241100x8000000000000000530739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c10f7e187fad4b12021-12-21 11:27:25.943root 11241100x8000000000000000530740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03888daf15ae4b72021-12-21 11:27:25.943root 11241100x8000000000000000530741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0bfc6d6783ff102021-12-21 11:27:25.943root 11241100x8000000000000000530742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187cc7b78812b46f2021-12-21 11:27:25.943root 11241100x8000000000000000530743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2070e7b330d39882021-12-21 11:27:25.943root 11241100x8000000000000000530744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0493ba53f736d9ea2021-12-21 11:27:25.943root 11241100x8000000000000000530745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471d6b656888827c2021-12-21 11:27:25.943root 11241100x8000000000000000530746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf009054097254882021-12-21 11:27:25.944root 11241100x8000000000000000530747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771d0379c7fdd9bd2021-12-21 11:27:25.944root 11241100x8000000000000000530748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51deb949f21a6572021-12-21 11:27:25.944root 11241100x8000000000000000530749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e38295973b9b7412021-12-21 11:27:25.944root 11241100x8000000000000000530750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b68a15a603f0292021-12-21 11:27:25.944root 11241100x8000000000000000530751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d46a28fdc077af2021-12-21 11:27:25.944root 11241100x8000000000000000530752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dda90bcf4a19b6d2021-12-21 11:27:25.944root 11241100x8000000000000000530753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aefb4c2203c25f62021-12-21 11:27:25.944root 11241100x8000000000000000530754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225c845005ae48822021-12-21 11:27:25.944root 11241100x8000000000000000530755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffbedd8630fffc42021-12-21 11:27:26.443root 11241100x8000000000000000530756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f24883316803762021-12-21 11:27:26.443root 11241100x8000000000000000530757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eba208dbddc0f32021-12-21 11:27:26.443root 11241100x8000000000000000530758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557867bfc9d180d52021-12-21 11:27:26.443root 11241100x8000000000000000530759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7f5e628b02832e2021-12-21 11:27:26.443root 11241100x8000000000000000530760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee26bd765c9c75c2021-12-21 11:27:26.443root 11241100x8000000000000000530761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aab287c52e76f52021-12-21 11:27:26.444root 11241100x8000000000000000530762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f3f5ee492b71a82021-12-21 11:27:26.444root 11241100x8000000000000000530763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8c686ab3b87b342021-12-21 11:27:26.444root 11241100x8000000000000000530764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8456fb9d9587d2912021-12-21 11:27:26.444root 11241100x8000000000000000530765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6708debc08f5fdb72021-12-21 11:27:26.444root 11241100x8000000000000000530766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd99080bf90562b2021-12-21 11:27:26.444root 11241100x8000000000000000530767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702d4274627ad65b2021-12-21 11:27:26.444root 11241100x8000000000000000530768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91cd0c9fe32e85f2021-12-21 11:27:26.444root 11241100x8000000000000000530769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e81797b8c14fa852021-12-21 11:27:26.444root 11241100x8000000000000000530770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc2da42b10581d82021-12-21 11:27:26.444root 11241100x8000000000000000530771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d193229234ea8d2021-12-21 11:27:26.943root 11241100x8000000000000000530772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef9f5e60d28f3332021-12-21 11:27:26.943root 11241100x8000000000000000530773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460f776791e067552021-12-21 11:27:26.943root 11241100x8000000000000000530774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298c797e87d891832021-12-21 11:27:26.943root 11241100x8000000000000000530775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e01d5673cb7b94c2021-12-21 11:27:26.943root 11241100x8000000000000000530776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f805e364f86808eb2021-12-21 11:27:26.943root 11241100x8000000000000000530777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390c8b709be7dc462021-12-21 11:27:26.943root 11241100x8000000000000000530778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be971f5d0cd9fa2b2021-12-21 11:27:26.944root 11241100x8000000000000000530779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3413753ce543bc182021-12-21 11:27:26.944root 11241100x8000000000000000530780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4e71ea927a4f222021-12-21 11:27:26.944root 11241100x8000000000000000530781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72c0a6fb36229322021-12-21 11:27:26.944root 11241100x8000000000000000530782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d741436892ae9392021-12-21 11:27:26.944root 11241100x8000000000000000530783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23923aee10c77642021-12-21 11:27:26.944root 11241100x8000000000000000530784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2233997856123662021-12-21 11:27:26.944root 11241100x8000000000000000530785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f238c3bec77eb3c2021-12-21 11:27:26.944root 11241100x8000000000000000530786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795c2b4c3c1c9ee22021-12-21 11:27:26.944root 354300x8000000000000000530787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.168{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48566-false10.0.1.12-8000- 11241100x8000000000000000530788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8c6213ae73f3b82021-12-21 11:27:27.443root 11241100x8000000000000000530789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e030d67f31ca1d2021-12-21 11:27:27.443root 11241100x8000000000000000530790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fce9b2c4d64fb172021-12-21 11:27:27.443root 11241100x8000000000000000530791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0917ae0800c26fb92021-12-21 11:27:27.443root 11241100x8000000000000000530792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1712709803910b2021-12-21 11:27:27.443root 11241100x8000000000000000530793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0cd7f125ab0ff42021-12-21 11:27:27.443root 11241100x8000000000000000530794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eacddcf3ff441c62021-12-21 11:27:27.444root 11241100x8000000000000000530795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae953b716c98fce2021-12-21 11:27:27.444root 11241100x8000000000000000530796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1886c29d77472efe2021-12-21 11:27:27.444root 11241100x8000000000000000530797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ceb2be18dbf0ca2021-12-21 11:27:27.444root 11241100x8000000000000000530798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399ecfc6730eaf472021-12-21 11:27:27.444root 11241100x8000000000000000530799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979c5f7590c623302021-12-21 11:27:27.444root 11241100x8000000000000000530800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bc9b9a66c5d82e2021-12-21 11:27:27.444root 11241100x8000000000000000530801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba89d65696458222021-12-21 11:27:27.444root 11241100x8000000000000000530802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e2fb4220fd3ee72021-12-21 11:27:27.444root 11241100x8000000000000000530803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d7fe8054b522612021-12-21 11:27:27.444root 11241100x8000000000000000530804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bd5f493081f78a2021-12-21 11:27:27.444root 11241100x8000000000000000530805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f94d50ff6a88f5a2021-12-21 11:27:27.943root 11241100x8000000000000000530806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef5fd355572c6f52021-12-21 11:27:27.943root 11241100x8000000000000000530807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af05a5bcc93018222021-12-21 11:27:27.943root 11241100x8000000000000000530808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc8a4c0bfd61e3a2021-12-21 11:27:27.943root 11241100x8000000000000000530809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cfac4cc0fba7442021-12-21 11:27:27.943root 11241100x8000000000000000530810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7d17e92afaea2e2021-12-21 11:27:27.944root 11241100x8000000000000000530811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583a8791c808d77f2021-12-21 11:27:27.944root 11241100x8000000000000000530812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af71f13592ad7902021-12-21 11:27:27.944root 11241100x8000000000000000530813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dc27e2d1ce02582021-12-21 11:27:27.944root 11241100x8000000000000000530814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1188be5f062f10342021-12-21 11:27:27.944root 11241100x8000000000000000530815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338a441aefb5506a2021-12-21 11:27:27.944root 11241100x8000000000000000530816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20da4ae70efb6ff2021-12-21 11:27:27.944root 11241100x8000000000000000530817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eba249f77794092021-12-21 11:27:27.944root 11241100x8000000000000000530818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a4d2073e96135a2021-12-21 11:27:27.944root 11241100x8000000000000000530819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102ce317311ab0922021-12-21 11:27:27.944root 11241100x8000000000000000530820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f393870855798a8b2021-12-21 11:27:27.944root 11241100x8000000000000000530821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b019b58269cfb302021-12-21 11:27:27.944root 11241100x8000000000000000530822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039a1b12dcd0b35f2021-12-21 11:27:28.443root 11241100x8000000000000000530823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55e73f960c5b44c2021-12-21 11:27:28.443root 11241100x8000000000000000530824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165231e90156f7e42021-12-21 11:27:28.443root 11241100x8000000000000000530825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291f1ea67acef02e2021-12-21 11:27:28.443root 11241100x8000000000000000530826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e961e22fec382b2021-12-21 11:27:28.443root 11241100x8000000000000000530827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93caf69d83e2f44d2021-12-21 11:27:28.443root 11241100x8000000000000000530828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc45659ba8ac79012021-12-21 11:27:28.444root 11241100x8000000000000000530829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75311e9d7ecce17d2021-12-21 11:27:28.444root 11241100x8000000000000000530830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddcb049c48e248e2021-12-21 11:27:28.444root 11241100x8000000000000000530831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78a423cf3be58032021-12-21 11:27:28.444root 11241100x8000000000000000530832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcd257d34df78772021-12-21 11:27:28.444root 11241100x8000000000000000530833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee130017fc4dddf2021-12-21 11:27:28.444root 11241100x8000000000000000530834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc30d90a3f2f71e92021-12-21 11:27:28.444root 11241100x8000000000000000530835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daab2b64949520352021-12-21 11:27:28.444root 11241100x8000000000000000530836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ea9babaeba43ce2021-12-21 11:27:28.444root 11241100x8000000000000000530837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb09e63ba1580b02021-12-21 11:27:28.444root 11241100x8000000000000000530838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a05812429979222021-12-21 11:27:28.444root 11241100x8000000000000000530839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e135d5a5de530c4d2021-12-21 11:27:28.943root 11241100x8000000000000000530840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea098ce450a24d832021-12-21 11:27:28.943root 11241100x8000000000000000530841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8e50294722ba0a2021-12-21 11:27:28.943root 11241100x8000000000000000530842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978b0412806533372021-12-21 11:27:28.943root 11241100x8000000000000000530843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eef6dee81eadab2021-12-21 11:27:28.943root 11241100x8000000000000000530844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef98281918f0ed172021-12-21 11:27:28.943root 11241100x8000000000000000530845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a14a19a24c636a72021-12-21 11:27:28.944root 11241100x8000000000000000530846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b11d8c2b99921a2021-12-21 11:27:28.944root 11241100x8000000000000000530847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca221a64e7052b82021-12-21 11:27:28.944root 11241100x8000000000000000530848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5528733d32e433292021-12-21 11:27:28.944root 11241100x8000000000000000530849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fa332e3c983e562021-12-21 11:27:28.944root 11241100x8000000000000000530850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72392c7fe55beba2021-12-21 11:27:28.944root 11241100x8000000000000000530851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd06f43d11a33d632021-12-21 11:27:28.944root 11241100x8000000000000000530852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25352b29afafadf2021-12-21 11:27:28.944root 11241100x8000000000000000530853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1300f09fd98172942021-12-21 11:27:28.944root 11241100x8000000000000000530854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63241639cab68fed2021-12-21 11:27:28.944root 11241100x8000000000000000530855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897a47aa80b3d5c02021-12-21 11:27:28.944root 11241100x8000000000000000530856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4406a0d80af0cc12021-12-21 11:27:29.443root 11241100x8000000000000000530857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92472337993a83d62021-12-21 11:27:29.443root 11241100x8000000000000000530858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e0c96b465cb6902021-12-21 11:27:29.443root 11241100x8000000000000000530859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7326fea3d34f92562021-12-21 11:27:29.443root 11241100x8000000000000000530860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a0f0eecc0946a2021-12-21 11:27:29.443root 11241100x8000000000000000530861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114375103bec7c1b2021-12-21 11:27:29.443root 11241100x8000000000000000530862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111c5e53a699e7162021-12-21 11:27:29.444root 11241100x8000000000000000530863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210bf4d83e438f062021-12-21 11:27:29.444root 11241100x8000000000000000530864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142088dc9c026edf2021-12-21 11:27:29.444root 11241100x8000000000000000530865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07c84fbdf80b4c72021-12-21 11:27:29.444root 11241100x8000000000000000530866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5597f599ffb2c9822021-12-21 11:27:29.444root 11241100x8000000000000000530867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef32fb2e2573f1ac2021-12-21 11:27:29.444root 11241100x8000000000000000530868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c29990d944bf8b2021-12-21 11:27:29.444root 11241100x8000000000000000530869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b08898030a5a2d2021-12-21 11:27:29.444root 11241100x8000000000000000530870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8b2eafccbb7bfb2021-12-21 11:27:29.444root 11241100x8000000000000000530871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aac334403fbe272021-12-21 11:27:29.444root 11241100x8000000000000000530872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1058ff5f3b7d69712021-12-21 11:27:29.444root 11241100x8000000000000000530873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cf1b7e65d3332d2021-12-21 11:27:29.943root 11241100x8000000000000000530874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c466be9d625a9d2021-12-21 11:27:29.943root 11241100x8000000000000000530875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59e7de7ac8afec02021-12-21 11:27:29.943root 11241100x8000000000000000530876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7697aa4b2d1f3ffb2021-12-21 11:27:29.943root 11241100x8000000000000000530877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7a8c9a91df03772021-12-21 11:27:29.943root 11241100x8000000000000000530878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fa747313fd465c2021-12-21 11:27:29.943root 11241100x8000000000000000530879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c533f129bf1ef4ea2021-12-21 11:27:29.944root 11241100x8000000000000000530880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfdab799b3b7c4b2021-12-21 11:27:29.944root 11241100x8000000000000000530881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1114adb308cdfadc2021-12-21 11:27:29.944root 11241100x8000000000000000530882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fa655e0b4811c22021-12-21 11:27:29.944root 11241100x8000000000000000530883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a158d893d99f4ca2021-12-21 11:27:29.944root 11241100x8000000000000000530884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbeceec90859f1e2021-12-21 11:27:29.944root 11241100x8000000000000000530885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38b2243eac6d4c12021-12-21 11:27:29.944root 11241100x8000000000000000530886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95be535cf4302132021-12-21 11:27:29.944root 11241100x8000000000000000530887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d533d0e6931f0772021-12-21 11:27:29.944root 11241100x8000000000000000530888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f52d5f1b95eae52021-12-21 11:27:29.944root 11241100x8000000000000000530889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92913f67c076614c2021-12-21 11:27:29.944root 11241100x8000000000000000530890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e30dbbfa171a702021-12-21 11:27:30.443root 11241100x8000000000000000530891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0750109aeb7c62a22021-12-21 11:27:30.443root 11241100x8000000000000000530892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e33b3e49730d59b2021-12-21 11:27:30.443root 11241100x8000000000000000530893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fc82acaad396b82021-12-21 11:27:30.443root 11241100x8000000000000000530894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb07c443243ca802021-12-21 11:27:30.443root 11241100x8000000000000000530895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473f2b56854a7d2c2021-12-21 11:27:30.443root 11241100x8000000000000000530896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003fffe44b5463612021-12-21 11:27:30.444root 11241100x8000000000000000530897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55136fb3390b052021-12-21 11:27:30.444root 11241100x8000000000000000530898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144f479462dee0cc2021-12-21 11:27:30.444root 11241100x8000000000000000530899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84af2beb7462de942021-12-21 11:27:30.444root 11241100x8000000000000000530900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef216950101775332021-12-21 11:27:30.444root 11241100x8000000000000000530901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c8e272154e460d2021-12-21 11:27:30.444root 11241100x8000000000000000530902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f938bd99df6c9cfa2021-12-21 11:27:30.444root 11241100x8000000000000000530903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea7deb00f741c7a2021-12-21 11:27:30.444root 11241100x8000000000000000530904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91592cf52ea31f1a2021-12-21 11:27:30.444root 11241100x8000000000000000530905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76169821acce3b0f2021-12-21 11:27:30.444root 11241100x8000000000000000530906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a10f50bc948ddae2021-12-21 11:27:30.444root 11241100x8000000000000000530907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b60ffae4a5d57412021-12-21 11:27:30.943root 11241100x8000000000000000530908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617f6b7fe966c752021-12-21 11:27:30.943root 11241100x8000000000000000530909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d60f615ba119c12021-12-21 11:27:30.943root 11241100x8000000000000000530910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d084a1b6a87cf5e2021-12-21 11:27:30.943root 11241100x8000000000000000530911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8081cac624ee9d642021-12-21 11:27:30.943root 11241100x8000000000000000530912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e24a41b8429cfc2021-12-21 11:27:30.944root 11241100x8000000000000000530913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379a1e9b1e75567e2021-12-21 11:27:30.944root 11241100x8000000000000000530914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf29c5f04db9d7222021-12-21 11:27:30.944root 11241100x8000000000000000530915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c456cf80778e4e12021-12-21 11:27:30.944root 11241100x8000000000000000530916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e06f3846c3b39b72021-12-21 11:27:30.944root 11241100x8000000000000000530917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e781fe3af9118912021-12-21 11:27:30.944root 11241100x8000000000000000530918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d719bad0de836992021-12-21 11:27:30.944root 11241100x8000000000000000530919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772b491f38e6b2622021-12-21 11:27:30.944root 11241100x8000000000000000530920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31752240d1321c122021-12-21 11:27:30.944root 11241100x8000000000000000530921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41126dda277f890a2021-12-21 11:27:30.944root 11241100x8000000000000000530922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de40ccc6615a2a462021-12-21 11:27:30.944root 11241100x8000000000000000530923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700163d31b8695a02021-12-21 11:27:30.944root 11241100x8000000000000000530924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469dfd14bc79af0e2021-12-21 11:27:31.443root 11241100x8000000000000000530925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e521ae4eef74f39d2021-12-21 11:27:31.443root 11241100x8000000000000000530926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd239b63f937aa32021-12-21 11:27:31.443root 11241100x8000000000000000530927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf5e92eb21dd002021-12-21 11:27:31.443root 11241100x8000000000000000530928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b414a058c7c5aaee2021-12-21 11:27:31.443root 11241100x8000000000000000530929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225cce0160c54e122021-12-21 11:27:31.444root 11241100x8000000000000000530930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be486e0eb41bd2d2021-12-21 11:27:31.444root 11241100x8000000000000000530931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14183e38caca22ee2021-12-21 11:27:31.444root 11241100x8000000000000000530932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b218cf6ee95c05f72021-12-21 11:27:31.444root 11241100x8000000000000000530933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d889240b11aa4e82021-12-21 11:27:31.444root 11241100x8000000000000000530934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dffe42c801032072021-12-21 11:27:31.444root 11241100x8000000000000000530935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7626448a14e6f12021-12-21 11:27:31.444root 11241100x8000000000000000530936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c3d4ae339a3ccd2021-12-21 11:27:31.444root 11241100x8000000000000000530937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d072ded994f29e2021-12-21 11:27:31.444root 11241100x8000000000000000530938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1252cba6db1e7f352021-12-21 11:27:31.444root 11241100x8000000000000000530939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593caab06a9dd772021-12-21 11:27:31.444root 11241100x8000000000000000530940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c98ca837c8701672021-12-21 11:27:31.445root 11241100x8000000000000000530941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f13e4d592b9bb6a2021-12-21 11:27:31.943root 11241100x8000000000000000530942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb80e64d3c4e4a82021-12-21 11:27:31.943root 11241100x8000000000000000530943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d8345cd93baf112021-12-21 11:27:31.943root 11241100x8000000000000000530944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1774aa7d46a82af22021-12-21 11:27:31.943root 11241100x8000000000000000530945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8070420aa1d5447d2021-12-21 11:27:31.943root 11241100x8000000000000000530946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ffdc50a96a936e2021-12-21 11:27:31.943root 11241100x8000000000000000530947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c9574f44a47cb22021-12-21 11:27:31.944root 11241100x8000000000000000530948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e6eceb9449425d2021-12-21 11:27:31.944root 11241100x8000000000000000530949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae015209426a303d2021-12-21 11:27:31.944root 11241100x8000000000000000530950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942f625fa1f1e3ec2021-12-21 11:27:31.944root 11241100x8000000000000000530951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0865ece94ed15772021-12-21 11:27:31.944root 11241100x8000000000000000530952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb69753753aedac2021-12-21 11:27:31.944root 11241100x8000000000000000530953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94636760e9a40f4a2021-12-21 11:27:31.944root 11241100x8000000000000000530954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6e26cdaf50b0c72021-12-21 11:27:31.944root 11241100x8000000000000000530955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b5dafcc1e1e49b2021-12-21 11:27:31.944root 11241100x8000000000000000530956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c58ff39f7104122021-12-21 11:27:31.944root 11241100x8000000000000000530957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24183683dbda3a6d2021-12-21 11:27:31.944root 354300x8000000000000000530958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.176{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48568-false10.0.1.12-8000- 11241100x8000000000000000530959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a497aa8e9bfa2c2021-12-21 11:27:32.443root 11241100x8000000000000000530960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212141e6f12d996a2021-12-21 11:27:32.443root 11241100x8000000000000000530961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959f674d30f595512021-12-21 11:27:32.443root 11241100x8000000000000000530962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d78e447ca9da3012021-12-21 11:27:32.443root 11241100x8000000000000000530963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869832c848cf1b72021-12-21 11:27:32.443root 11241100x8000000000000000530964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48616289ee2ce91a2021-12-21 11:27:32.444root 11241100x8000000000000000530965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bb7ce1258b91be2021-12-21 11:27:32.444root 11241100x8000000000000000530966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20392e1683a7cb2021-12-21 11:27:32.444root 11241100x8000000000000000530967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180acdaa3062a8ea2021-12-21 11:27:32.444root 11241100x8000000000000000530968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084cfa6c59f2da7b2021-12-21 11:27:32.444root 11241100x8000000000000000530969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ac104a5a7a5d932021-12-21 11:27:32.444root 11241100x8000000000000000530970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b37b5e761187bf2021-12-21 11:27:32.444root 11241100x8000000000000000530971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b431a7da679df592021-12-21 11:27:32.444root 11241100x8000000000000000530972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64364629809168082021-12-21 11:27:32.444root 11241100x8000000000000000530973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000c9f565c3389af2021-12-21 11:27:32.444root 11241100x8000000000000000530974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d9337052ea9d872021-12-21 11:27:32.444root 11241100x8000000000000000530975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb598ac1817d6f282021-12-21 11:27:32.444root 11241100x8000000000000000530976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c89b4d9f55a8a32021-12-21 11:27:32.444root 154100x8000000000000000530977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.758{ec2b6afe-ba24-61c1-80d7-d4c6c0550000}9869/sbin/setcap-----setcap cap_net_raw+ep ./evil_bin/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000530978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-ba24-61c1-80d7-d4c6c0550000}9869/sbin/setcapubuntu 11241100x8000000000000000530979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a6a45f21200cde2021-12-21 11:27:32.759root 11241100x8000000000000000530980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd61c131fe461252021-12-21 11:27:32.759root 11241100x8000000000000000530981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e62c151e94ed2b2021-12-21 11:27:32.759root 11241100x8000000000000000530982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226d4e1ba2ec3dde2021-12-21 11:27:32.759root 11241100x8000000000000000530983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d688ca0ddc428f2021-12-21 11:27:32.759root 11241100x8000000000000000530984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d512dc5e29205dc42021-12-21 11:27:32.759root 11241100x8000000000000000530985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5160f36127605bb12021-12-21 11:27:32.759root 11241100x8000000000000000530986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.759{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64cdb033e90aab62021-12-21 11:27:32.759root 11241100x8000000000000000530987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3179312960d4378c2021-12-21 11:27:32.760root 11241100x8000000000000000530988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae420fc239d1f6822021-12-21 11:27:32.760root 11241100x8000000000000000530989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b94705bbac456a22021-12-21 11:27:32.760root 11241100x8000000000000000530990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca99b58407549c8f2021-12-21 11:27:32.760root 11241100x8000000000000000530991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58cbb77144e3ccc2021-12-21 11:27:32.760root 11241100x8000000000000000530992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f292147a356944d62021-12-21 11:27:32.760root 11241100x8000000000000000530993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cef0bb40e70c2422021-12-21 11:27:32.760root 11241100x8000000000000000530994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c180ebda11fd0d1d2021-12-21 11:27:32.760root 11241100x8000000000000000530995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667da4c6b46b96712021-12-21 11:27:32.760root 11241100x8000000000000000530996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd17f789f9af5fb52021-12-21 11:27:32.760root 11241100x8000000000000000530997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bda786b3254db9f2021-12-21 11:27:32.760root 11241100x8000000000000000530998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.760{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a031838dc16190c62021-12-21 11:27:32.760root 11241100x8000000000000000530999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:32.761{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc77380bf2d0d2c2021-12-21 11:27:32.761root 11241100x8000000000000000531000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8a9372a238eafc2021-12-21 11:27:33.193root 11241100x8000000000000000531001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f76d251acf16252021-12-21 11:27:33.193root 11241100x8000000000000000531002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25278a651816819f2021-12-21 11:27:33.193root 11241100x8000000000000000531003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee252ac171dded602021-12-21 11:27:33.194root 11241100x8000000000000000531004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4134ec8fb354a662021-12-21 11:27:33.194root 11241100x8000000000000000531005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2224d15627b1d97a2021-12-21 11:27:33.194root 11241100x8000000000000000531006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ee7d4360520f5a2021-12-21 11:27:33.194root 11241100x8000000000000000531007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5559c1a0d3ef562021-12-21 11:27:33.194root 11241100x8000000000000000531008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662d4bb581c9be002021-12-21 11:27:33.194root 11241100x8000000000000000531009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c32d36311cda4282021-12-21 11:27:33.194root 11241100x8000000000000000531010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8f5ab205934ac72021-12-21 11:27:33.194root 11241100x8000000000000000531011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491bd942bdcde4a32021-12-21 11:27:33.194root 11241100x8000000000000000531012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4503e8efc0fa90c82021-12-21 11:27:33.194root 11241100x8000000000000000531013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58232226791da05f2021-12-21 11:27:33.194root 11241100x8000000000000000531014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66173aab2d6b08f02021-12-21 11:27:33.195root 11241100x8000000000000000531015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9816aef6c604904f2021-12-21 11:27:33.195root 11241100x8000000000000000531016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01d8875a54a5d912021-12-21 11:27:33.195root 11241100x8000000000000000531017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20efa11ef4bb78e2021-12-21 11:27:33.195root 11241100x8000000000000000531018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76f653f2659253d2021-12-21 11:27:33.195root 11241100x8000000000000000531019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d24f07585b243d2021-12-21 11:27:33.195root 11241100x8000000000000000531020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8c1ba46937e07c2021-12-21 11:27:33.693root 11241100x8000000000000000531021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2caa5711172cdb2021-12-21 11:27:33.693root 11241100x8000000000000000531022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d268aec6c19f5e02021-12-21 11:27:33.693root 11241100x8000000000000000531023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a41adf533974a42021-12-21 11:27:33.693root 11241100x8000000000000000531024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becc572a8f1ce3062021-12-21 11:27:33.693root 11241100x8000000000000000531025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b8b7c2b20ef11e2021-12-21 11:27:33.693root 11241100x8000000000000000531026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae046d2b85400b582021-12-21 11:27:33.693root 11241100x8000000000000000531027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4f577ea800281a2021-12-21 11:27:33.693root 11241100x8000000000000000531028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c487dfcace3ab37d2021-12-21 11:27:33.693root 11241100x8000000000000000531029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b5b1cde2865b602021-12-21 11:27:33.693root 11241100x8000000000000000531030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47459f1aaf8ca0a52021-12-21 11:27:33.694root 11241100x8000000000000000531031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edc5ea752fd86b72021-12-21 11:27:33.694root 11241100x8000000000000000531032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88562c714ca1b262021-12-21 11:27:33.694root 11241100x8000000000000000531033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc71d1a4f336e8a2021-12-21 11:27:33.694root 11241100x8000000000000000531034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06293444c33067c2021-12-21 11:27:33.694root 11241100x8000000000000000531035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be0d17214a01f32021-12-21 11:27:33.694root 11241100x8000000000000000531036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abaec4bcd0f55f4f2021-12-21 11:27:33.694root 11241100x8000000000000000531037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ca363f1f0bb16f2021-12-21 11:27:33.694root 11241100x8000000000000000531038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1be5fa8d2bc8e892021-12-21 11:27:33.694root 11241100x8000000000000000531039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3b3f949b648692021-12-21 11:27:33.694root 11241100x8000000000000000531040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb2f5b84b131bca2021-12-21 11:27:33.695root 11241100x8000000000000000531041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db2b0f1b9d0ebea2021-12-21 11:27:33.695root 11241100x8000000000000000531042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e99ae2d621d0e762021-12-21 11:27:33.695root 11241100x8000000000000000531043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d948074e03529fd2021-12-21 11:27:33.695root 11241100x8000000000000000531044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693ab2e829a93e972021-12-21 11:27:33.695root 11241100x8000000000000000531045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0592742dd4561b12021-12-21 11:27:33.695root 11241100x8000000000000000531046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaed327a79bac7c2021-12-21 11:27:33.695root 11241100x8000000000000000531047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d75e6e25f8df692021-12-21 11:27:33.695root 11241100x8000000000000000531048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93604bfcf91f54172021-12-21 11:27:33.695root 11241100x8000000000000000531049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e4a09de9c157b22021-12-21 11:27:33.695root 11241100x8000000000000000531050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f354516fc4c3b372021-12-21 11:27:33.696root 11241100x8000000000000000531051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfec737e63cc08c2021-12-21 11:27:34.193root 11241100x8000000000000000531052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f10a41317c80892021-12-21 11:27:34.193root 11241100x8000000000000000531053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cfd928f94609b62021-12-21 11:27:34.194root 11241100x8000000000000000531054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d75dbd715f8f0442021-12-21 11:27:34.194root 11241100x8000000000000000531055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d8fdbf1d75267b2021-12-21 11:27:34.194root 11241100x8000000000000000531056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6184007e177d1a9b2021-12-21 11:27:34.194root 11241100x8000000000000000531057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30078afe30ec4222021-12-21 11:27:34.194root 11241100x8000000000000000531058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631a43ce6d91250b2021-12-21 11:27:34.194root 11241100x8000000000000000531059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051fb801d70a1a2d2021-12-21 11:27:34.195root 11241100x8000000000000000531060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b4eb9db4b9ab732021-12-21 11:27:34.195root 11241100x8000000000000000531061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba7022175ab2fbf2021-12-21 11:27:34.195root 11241100x8000000000000000531062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc80a40a4bdd21c2021-12-21 11:27:34.196root 11241100x8000000000000000531063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86706c7afd4ba8fa2021-12-21 11:27:34.196root 11241100x8000000000000000531064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4e6f1a412f2a282021-12-21 11:27:34.196root 11241100x8000000000000000531065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4418761fec1cd622021-12-21 11:27:34.197root 11241100x8000000000000000531066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828d8b30ac805bbf2021-12-21 11:27:34.197root 11241100x8000000000000000531067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d01af711828d5712021-12-21 11:27:34.198root 11241100x8000000000000000531068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd784f37ac640cb2021-12-21 11:27:34.199root 11241100x8000000000000000531069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb34035e3a495d2021-12-21 11:27:34.199root 11241100x8000000000000000531070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb5635b10e885c42021-12-21 11:27:34.200root 11241100x8000000000000000531071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58e6aae50c5e9e62021-12-21 11:27:34.693root 11241100x8000000000000000531072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747880368475c72d2021-12-21 11:27:34.693root 11241100x8000000000000000531073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdffb5b63def05fd2021-12-21 11:27:34.693root 11241100x8000000000000000531074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d564710999eae62021-12-21 11:27:34.693root 11241100x8000000000000000531075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540beda8e7eb390e2021-12-21 11:27:34.694root 11241100x8000000000000000531076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66434cce1a1daadc2021-12-21 11:27:34.694root 11241100x8000000000000000531077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395aac3e510f83342021-12-21 11:27:34.694root 11241100x8000000000000000531078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0e84043d43efbd2021-12-21 11:27:34.694root 11241100x8000000000000000531079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf13ab8e3da34cc2021-12-21 11:27:34.694root 11241100x8000000000000000531080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec36c025470ad902021-12-21 11:27:34.694root 11241100x8000000000000000531081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191dd9dda3f1d45f2021-12-21 11:27:34.694root 11241100x8000000000000000531082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b042e8a19922f39a2021-12-21 11:27:34.694root 11241100x8000000000000000531083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ff9a553f5224e12021-12-21 11:27:34.694root 11241100x8000000000000000531084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5521276c5705723f2021-12-21 11:27:34.694root 11241100x8000000000000000531085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e53409f1f88f292021-12-21 11:27:34.695root 11241100x8000000000000000531086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6facffc31bfa362021-12-21 11:27:34.695root 11241100x8000000000000000531087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b51d22ee16d45c2021-12-21 11:27:34.695root 11241100x8000000000000000531088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1715a38256a2152021-12-21 11:27:34.695root 11241100x8000000000000000531089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df409773ed0dcfa02021-12-21 11:27:34.695root 11241100x8000000000000000531090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f0ea45b11402e12021-12-21 11:27:34.695root 11241100x8000000000000000531091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10089711a1584fdc2021-12-21 11:27:35.193root 11241100x8000000000000000531092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7ddc67cb2d92d92021-12-21 11:27:35.193root 11241100x8000000000000000531093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaad197ec45bbe692021-12-21 11:27:35.193root 11241100x8000000000000000531094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18a030d64fa3d0c2021-12-21 11:27:35.194root 11241100x8000000000000000531095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853b0641c85e98472021-12-21 11:27:35.194root 11241100x8000000000000000531096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f647819ea4252c72021-12-21 11:27:35.194root 11241100x8000000000000000531097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eec87f19a408b22021-12-21 11:27:35.194root 11241100x8000000000000000531098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231b99ec4b65a20b2021-12-21 11:27:35.194root 11241100x8000000000000000531099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6fd85dc7fb179e2021-12-21 11:27:35.194root 11241100x8000000000000000531100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d80fbf790e130fe2021-12-21 11:27:35.194root 11241100x8000000000000000531101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715c85c5bf7490772021-12-21 11:27:35.194root 11241100x8000000000000000531102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49466872db63a5432021-12-21 11:27:35.194root 11241100x8000000000000000531103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3410ea6fc65bedd2021-12-21 11:27:35.194root 11241100x8000000000000000531104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3226e058399c60082021-12-21 11:27:35.195root 11241100x8000000000000000531105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429e4a75801ae8c02021-12-21 11:27:35.195root 11241100x8000000000000000531106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ff856dcb1b2cbb2021-12-21 11:27:35.195root 11241100x8000000000000000531107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a9a1fcbdb399e2021-12-21 11:27:35.195root 11241100x8000000000000000531108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff45cf73e83b05a82021-12-21 11:27:35.195root 11241100x8000000000000000531109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90446d91c1854a9b2021-12-21 11:27:35.195root 11241100x8000000000000000531110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8820cd25e001992021-12-21 11:27:35.195root 154100x8000000000000000531111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.571{ec2b6afe-ba27-61c1-08ee-f1a20c560000}9870/usr/bin/sudo-----sudo setcap cap_net_raw+ep ./evil_bin/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000531112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.572{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d59097ad3544d862021-12-21 11:27:35.572root 11241100x8000000000000000531113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.572{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a140676404fb1f862021-12-21 11:27:35.572root 11241100x8000000000000000531114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.572{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b109ed0e2c275b232021-12-21 11:27:35.572root 11241100x8000000000000000531115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4729ca42f0d2ec2021-12-21 11:27:35.573root 11241100x8000000000000000531116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b35f243b1862d112021-12-21 11:27:35.573root 11241100x8000000000000000531117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891b9962addeada2021-12-21 11:27:35.573root 11241100x8000000000000000531118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8705640e9da53ead2021-12-21 11:27:35.573root 11241100x8000000000000000531119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5d850aef25379f2021-12-21 11:27:35.573root 11241100x8000000000000000531120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4692e71801db63b2021-12-21 11:27:35.573root 11241100x8000000000000000531121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfb8f45827bffcb2021-12-21 11:27:35.573root 11241100x8000000000000000531122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae62f7ada9842402021-12-21 11:27:35.573root 11241100x8000000000000000531123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d4cbcb75db0d472021-12-21 11:27:35.573root 11241100x8000000000000000531124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540a85d70fbf3bea2021-12-21 11:27:35.573root 11241100x8000000000000000531125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29684586db14b7c12021-12-21 11:27:35.573root 11241100x8000000000000000531126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bcc9b6466996112021-12-21 11:27:35.573root 11241100x8000000000000000531127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.573{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a35af0997ebeea2021-12-21 11:27:35.573root 11241100x8000000000000000531128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f602a0e1c3185bc2021-12-21 11:27:35.574root 11241100x8000000000000000531129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675b52c760c600ca2021-12-21 11:27:35.574root 11241100x8000000000000000531130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c038253449784722021-12-21 11:27:35.574root 11241100x8000000000000000531131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c188fa71179fc002021-12-21 11:27:35.574root 11241100x8000000000000000531132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca075b862d40b62021-12-21 11:27:35.574root 11241100x8000000000000000531133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb31d1c42aa6003b2021-12-21 11:27:35.574root 11241100x8000000000000000531134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2014972518e2ba4d2021-12-21 11:27:35.574root 11241100x8000000000000000531135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.574{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76c5e037c6256812021-12-21 11:27:35.574root 11241100x8000000000000000531136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.575{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3b46f265a83def2021-12-21 11:27:35.575root 11241100x8000000000000000531137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.575{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f385fbe292334bdf2021-12-21 11:27:35.575root 354300x8000000000000000531138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.576{ec2b6afe-ba27-61c1-08ee-f1a20c560000}9870/usr/bin/sudoubuntuudptruefalse127.0.0.1-43438-false127.0.0.53-53- 354300x8000000000000000531139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.576{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse0.0.0.0-0-false127.0.0.53-53- 354300x8000000000000000531140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.576{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-58539-false10.0.0.2-53- 354300x8000000000000000531141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.576{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-39664-false10.0.0.2-53- 354300x8000000000000000531142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.577{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.25-39664- 354300x8000000000000000531143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.578{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43438- 354300x8000000000000000531144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.578{ec2b6afe-ba27-61c1-08ee-f1a20c560000}9870/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-42548- 354300x8000000000000000531145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.578{ec2b6afe-ba27-61c1-08ee-f1a20c560000}9870/usr/bin/sudoubuntuudptruefalse127.0.0.1-42548-false127.0.0.53-53- 354300x8000000000000000531146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.578{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-42548- 154100x8000000000000000531147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.582{ec2b6afe-ba27-61c1-80e7-262479550000}9871/sbin/setcap-----setcap cap_net_raw+ep ./evil_bin/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ba27-61c1-08ee-f1a20c560000}9870/usr/bin/sudosudoubuntu 534500x8000000000000000531148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.583{ec2b6afe-ba27-61c1-80e7-262479550000}9871/sbin/setcaproot 534500x8000000000000000531149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.583{ec2b6afe-ba27-61c1-08ee-f1a20c560000}9870/usr/bin/sudoroot 11241100x8000000000000000531150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd738247847eb912021-12-21 11:27:35.943root 11241100x8000000000000000531151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de34eeb0d5217052021-12-21 11:27:35.943root 11241100x8000000000000000531152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e02fa3cc82e63b2021-12-21 11:27:35.943root 11241100x8000000000000000531153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0af35a01f6815152021-12-21 11:27:35.943root 11241100x8000000000000000531154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406d335338b05a722021-12-21 11:27:35.944root 11241100x8000000000000000531155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328209b5485dacff2021-12-21 11:27:35.944root 11241100x8000000000000000531156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca19ae9fe5a8f7de2021-12-21 11:27:35.944root 11241100x8000000000000000531157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea2ff2022bdd12c2021-12-21 11:27:35.944root 11241100x8000000000000000531158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18342e6472cc8c92021-12-21 11:27:35.944root 11241100x8000000000000000531159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d998fa792830eb452021-12-21 11:27:35.944root 11241100x8000000000000000531160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39aadaa0c6f48b8a2021-12-21 11:27:35.944root 11241100x8000000000000000531161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aeefb9b6dc24972021-12-21 11:27:35.944root 11241100x8000000000000000531162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57811aebe3189bf2021-12-21 11:27:35.944root 11241100x8000000000000000531163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cbb1cc48fa9bc32021-12-21 11:27:35.944root 11241100x8000000000000000531164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db45983965a26ed2021-12-21 11:27:35.944root 11241100x8000000000000000531165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e849ec3baf2bfda92021-12-21 11:27:35.945root 11241100x8000000000000000531166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e0884e30abd61e2021-12-21 11:27:35.945root 11241100x8000000000000000531167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1921e253e8258532021-12-21 11:27:35.945root 11241100x8000000000000000531168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acea2c225bd863fe2021-12-21 11:27:35.945root 11241100x8000000000000000531169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcdd5bff84960fc2021-12-21 11:27:35.945root 11241100x8000000000000000531170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c2199c2637451a2021-12-21 11:27:35.945root 11241100x8000000000000000531171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5e70438a4787b2021-12-21 11:27:35.946root 11241100x8000000000000000531172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d470e9a6220f5e2021-12-21 11:27:35.946root 11241100x8000000000000000531173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff34c5f48e0020b2021-12-21 11:27:35.946root 11241100x8000000000000000531174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c81a4347390ae52021-12-21 11:27:35.946root 11241100x8000000000000000531175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb33748d52a6929f2021-12-21 11:27:35.946root 11241100x8000000000000000531176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d6e6d50d55a9842021-12-21 11:27:35.946root 11241100x8000000000000000531177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018c94e4edd3c4d02021-12-21 11:27:35.946root 11241100x8000000000000000531178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cb438a985ac5e72021-12-21 11:27:35.946root 11241100x8000000000000000531179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4799fc9a12714dc62021-12-21 11:27:35.947root 11241100x8000000000000000531180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6fe9236221edd12021-12-21 11:27:35.947root 11241100x8000000000000000531181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ba9337a2954fe12021-12-21 11:27:35.947root 11241100x8000000000000000531182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e9427ef0c3ee742021-12-21 11:27:35.947root 11241100x8000000000000000531183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c36118bdc2ca6fb2021-12-21 11:27:35.947root 11241100x8000000000000000531184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad820d2173a020672021-12-21 11:27:35.947root 11241100x8000000000000000531185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4bc5561f19865c2021-12-21 11:27:35.947root 11241100x8000000000000000531186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bdfdf416a9133b2021-12-21 11:27:35.947root 11241100x8000000000000000531187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbecfec34e00f36e2021-12-21 11:27:35.948root 11241100x8000000000000000531188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0223778b2730850d2021-12-21 11:27:35.948root 11241100x8000000000000000531189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f58b2f45b5651cd2021-12-21 11:27:35.948root 11241100x8000000000000000531190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08b11a503a89d872021-12-21 11:27:35.948root 11241100x8000000000000000531191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:27:36.327root 11241100x8000000000000000531192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac84d7bfaf80f9082021-12-21 11:27:36.328root 11241100x8000000000000000531193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056653455c27fe8c2021-12-21 11:27:36.328root 11241100x8000000000000000531194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23036d5560af40b62021-12-21 11:27:36.328root 11241100x8000000000000000531195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd331cf2578c89692021-12-21 11:27:36.328root 11241100x8000000000000000531196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3756b09162b478c2021-12-21 11:27:36.329root 11241100x8000000000000000531197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910b2cbafe61bfde2021-12-21 11:27:36.329root 11241100x8000000000000000531198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514cbf035bb6a32b2021-12-21 11:27:36.329root 11241100x8000000000000000531199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54b494e1ee3fd542021-12-21 11:27:36.329root 11241100x8000000000000000531200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed945febd37b3522021-12-21 11:27:36.330root 11241100x8000000000000000531201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cedb48514fa2912021-12-21 11:27:36.330root 11241100x8000000000000000531202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f946607c3782dbb2021-12-21 11:27:36.330root 11241100x8000000000000000531203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62d55422c3c415f2021-12-21 11:27:36.330root 11241100x8000000000000000531204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e244aa2da9e100e52021-12-21 11:27:36.330root 11241100x8000000000000000531205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5a74e4b7ba09742021-12-21 11:27:36.331root 11241100x8000000000000000531206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3532834b04c721bf2021-12-21 11:27:36.331root 11241100x8000000000000000531207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b830fa2f2564932021-12-21 11:27:36.331root 11241100x8000000000000000531208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760bd0216c3432052021-12-21 11:27:36.331root 11241100x8000000000000000531209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1296902fd39f8552021-12-21 11:27:36.331root 11241100x8000000000000000531210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8759b9dd2adb87a92021-12-21 11:27:36.331root 11241100x8000000000000000531211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3801a8863f3447542021-12-21 11:27:36.331root 11241100x8000000000000000531212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f82052f2f3c7af62021-12-21 11:27:36.332root 11241100x8000000000000000531213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d1e3564340c4522021-12-21 11:27:36.332root 11241100x8000000000000000531214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4665fc244db2742021-12-21 11:27:36.332root 11241100x8000000000000000531215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a70f7764ef84ef72021-12-21 11:27:36.332root 11241100x8000000000000000531216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3e35a4f95bc4db2021-12-21 11:27:36.332root 11241100x8000000000000000531217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5816c12bdc025f082021-12-21 11:27:36.332root 11241100x8000000000000000531218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b41e4807a2a4042021-12-21 11:27:36.332root 11241100x8000000000000000531219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8661fc45c8e09f9b2021-12-21 11:27:36.332root 11241100x8000000000000000531220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf3e1b6d171a39b2021-12-21 11:27:36.333root 11241100x8000000000000000531221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5a8096a70fb5572021-12-21 11:27:36.333root 11241100x8000000000000000531222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c101b34eb5bffe2021-12-21 11:27:36.333root 11241100x8000000000000000531223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb84eca3d1a1c302021-12-21 11:27:36.333root 11241100x8000000000000000531224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82887379d4e38b502021-12-21 11:27:36.333root 11241100x8000000000000000531225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331f61d604c6396c2021-12-21 11:27:36.333root 11241100x8000000000000000531226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64891ccb7359cf782021-12-21 11:27:36.333root 11241100x8000000000000000531227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e001c33fafc26c0b2021-12-21 11:27:36.333root 11241100x8000000000000000531228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13298e80a9c39bb92021-12-21 11:27:36.334root 11241100x8000000000000000531229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab03c27206e3a082021-12-21 11:27:36.334root 11241100x8000000000000000531230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca6f59bede22b202021-12-21 11:27:36.334root 11241100x8000000000000000531231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e39f82200196712021-12-21 11:27:36.334root 11241100x8000000000000000531232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad9e590630768aa2021-12-21 11:27:36.693root 11241100x8000000000000000531233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b3bf899f6421eb2021-12-21 11:27:36.693root 11241100x8000000000000000531234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de05f687781511a82021-12-21 11:27:36.693root 11241100x8000000000000000531235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c804398680591e2021-12-21 11:27:36.694root 11241100x8000000000000000531236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19c6c0f10b76cf92021-12-21 11:27:36.694root 11241100x8000000000000000531237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abad3e546099c19a2021-12-21 11:27:36.694root 11241100x8000000000000000531238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87ad3c517ce288d2021-12-21 11:27:36.694root 11241100x8000000000000000531239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a29ec0e690421e2021-12-21 11:27:36.694root 11241100x8000000000000000531240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e688565b5bae5d5c2021-12-21 11:27:36.694root 11241100x8000000000000000531241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300d64d9420aff132021-12-21 11:27:36.694root 11241100x8000000000000000531242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4095cb26331055c2021-12-21 11:27:36.694root 11241100x8000000000000000531243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e5364210182912021-12-21 11:27:36.694root 11241100x8000000000000000531244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f2ee81238143c42021-12-21 11:27:36.694root 11241100x8000000000000000531245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b878044811bbd042021-12-21 11:27:36.695root 11241100x8000000000000000531246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf52e524db4ab0ee2021-12-21 11:27:36.695root 11241100x8000000000000000531247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024196a665bb9c382021-12-21 11:27:36.695root 11241100x8000000000000000531248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb37bcdc7a41c832021-12-21 11:27:36.695root 11241100x8000000000000000531249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7d794e8ff7cbc32021-12-21 11:27:36.695root 11241100x8000000000000000531250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f512793bdecd1a2021-12-21 11:27:36.695root 11241100x8000000000000000531251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f6b8da9d33eb92021-12-21 11:27:36.695root 11241100x8000000000000000531252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f0b315875c3f682021-12-21 11:27:36.695root 11241100x8000000000000000531253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2b26cb15d38d952021-12-21 11:27:36.695root 11241100x8000000000000000531254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c976a193c3eae92021-12-21 11:27:36.696root 11241100x8000000000000000531255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e0c0bdf8adedac2021-12-21 11:27:36.696root 11241100x8000000000000000531256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61ccc70aa934ac02021-12-21 11:27:36.696root 11241100x8000000000000000531257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1ae552c641f0d02021-12-21 11:27:36.696root 11241100x8000000000000000531258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e062c9c6dc4d8052021-12-21 11:27:36.696root 11241100x8000000000000000531259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f609c1cc5f0f68762021-12-21 11:27:36.696root 11241100x8000000000000000531260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8d9da3b6d137cf2021-12-21 11:27:36.696root 11241100x8000000000000000531261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aced8b500a10f81f2021-12-21 11:27:36.697root 11241100x8000000000000000531262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93df64384f857472021-12-21 11:27:36.697root 11241100x8000000000000000531263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964208031ab3f1b42021-12-21 11:27:36.697root 11241100x8000000000000000531264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca686ee33adef0d2021-12-21 11:27:36.697root 11241100x8000000000000000531265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a227a39a45a9b6b2021-12-21 11:27:36.697root 11241100x8000000000000000531266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69393bb49701fa242021-12-21 11:27:36.697root 11241100x8000000000000000531267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64554eec7787be0c2021-12-21 11:27:37.193root 11241100x8000000000000000531268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c3984e4ac02d482021-12-21 11:27:37.193root 11241100x8000000000000000531269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e545d655e25757c72021-12-21 11:27:37.193root 11241100x8000000000000000531270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c46659f087a7322021-12-21 11:27:37.193root 11241100x8000000000000000531271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5904c1ca95bb1b972021-12-21 11:27:37.193root 11241100x8000000000000000531272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074c9b08c51793ea2021-12-21 11:27:37.193root 11241100x8000000000000000531273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc547644ae3dd4b2021-12-21 11:27:37.193root 11241100x8000000000000000531274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e21e6d56cfbe48a2021-12-21 11:27:37.194root 11241100x8000000000000000531275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d537213b5a98632021-12-21 11:27:37.194root 11241100x8000000000000000531276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf27d9e33998b7a2021-12-21 11:27:37.194root 11241100x8000000000000000531277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da77e1496b83e2eb2021-12-21 11:27:37.194root 11241100x8000000000000000531278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b21ab80e6a93f42021-12-21 11:27:37.194root 11241100x8000000000000000531279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b5d256a3f0fd062021-12-21 11:27:37.194root 11241100x8000000000000000531280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de5a74384cffff2021-12-21 11:27:37.194root 11241100x8000000000000000531281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087495c2b6b529682021-12-21 11:27:37.194root 11241100x8000000000000000531282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ca201498e6c6e72021-12-21 11:27:37.194root 11241100x8000000000000000531283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732919db0af52fda2021-12-21 11:27:37.195root 11241100x8000000000000000531284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4418f5e43c77b12021-12-21 11:27:37.195root 11241100x8000000000000000531285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a180225ee2f2dc142021-12-21 11:27:37.195root 11241100x8000000000000000531286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df2f762b02f5af02021-12-21 11:27:37.195root 11241100x8000000000000000531287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723f70549bf0c41f2021-12-21 11:27:37.195root 11241100x8000000000000000531288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318348f9a268ccac2021-12-21 11:27:37.195root 11241100x8000000000000000531289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571dd270d85e2fe02021-12-21 11:27:37.195root 11241100x8000000000000000531290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d37406ec6415a12021-12-21 11:27:37.195root 11241100x8000000000000000531291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29a90f1109866952021-12-21 11:27:37.195root 11241100x8000000000000000531292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e52b9862f693bf2021-12-21 11:27:37.196root 11241100x8000000000000000531293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78563ee99cd4e122021-12-21 11:27:37.196root 11241100x8000000000000000531294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cd40b299fdf15c2021-12-21 11:27:37.196root 11241100x8000000000000000531295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1f4bab21643d392021-12-21 11:27:37.196root 11241100x8000000000000000531296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ecd0d1b8f6ca782021-12-21 11:27:37.196root 11241100x8000000000000000531297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1155f3bda1932fc92021-12-21 11:27:37.196root 11241100x8000000000000000531298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f656fe71e7401ffb2021-12-21 11:27:37.197root 11241100x8000000000000000531299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4ae58c53eb237b2021-12-21 11:27:37.197root 11241100x8000000000000000531300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1330183a76f7fa002021-12-21 11:27:37.197root 11241100x8000000000000000531301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686ffb4c8ff83d512021-12-21 11:27:37.197root 11241100x8000000000000000531302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3984f0f8d1c293d52021-12-21 11:27:37.197root 11241100x8000000000000000531303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1c02a8a0ebd83f2021-12-21 11:27:37.197root 11241100x8000000000000000531304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb70f82a958057382021-12-21 11:27:37.197root 11241100x8000000000000000531305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e0a34dd341d2062021-12-21 11:27:37.197root 11241100x8000000000000000531306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5596d490b02971a42021-12-21 11:27:37.197root 11241100x8000000000000000531307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab0f0f5222d74342021-12-21 11:27:37.198root 11241100x8000000000000000531308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040dbef9ab11eb102021-12-21 11:27:37.198root 11241100x8000000000000000531309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ba782bfb83d62a2021-12-21 11:27:37.198root 11241100x8000000000000000531310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fca51d948c0afd12021-12-21 11:27:37.198root 11241100x8000000000000000531311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d432637362fb9b802021-12-21 11:27:37.198root 11241100x8000000000000000531312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901522516164316b2021-12-21 11:27:37.198root 11241100x8000000000000000531313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987a2ae7944b72052021-12-21 11:27:37.198root 11241100x8000000000000000531314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a754dec2484e52021-12-21 11:27:37.198root 11241100x8000000000000000531315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a484fe384b75fe252021-12-21 11:27:37.199root 11241100x8000000000000000531316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cd6c13c1feb2b02021-12-21 11:27:37.199root 11241100x8000000000000000531317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ef188930e8b51a2021-12-21 11:27:37.199root 11241100x8000000000000000531318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb4f37c6389c2892021-12-21 11:27:37.199root 11241100x8000000000000000531319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bffcb7f120c35e62021-12-21 11:27:37.199root 11241100x8000000000000000531320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5fa08876fab65f2021-12-21 11:27:37.693root 11241100x8000000000000000531321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819a96ed530f41cc2021-12-21 11:27:37.693root 11241100x8000000000000000531322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907e5d8dfa66f4ac2021-12-21 11:27:37.693root 11241100x8000000000000000531323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1711cfdca7a58482021-12-21 11:27:37.693root 11241100x8000000000000000531324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33d808de8108c0c2021-12-21 11:27:37.693root 11241100x8000000000000000531325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3232cedb5c68cfed2021-12-21 11:27:37.694root 11241100x8000000000000000531326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3709a78b4670b212021-12-21 11:27:37.694root 11241100x8000000000000000531327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4999a9111c6ce22021-12-21 11:27:37.694root 11241100x8000000000000000531328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913c7478374cc4632021-12-21 11:27:37.694root 11241100x8000000000000000531329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddbc86ff18b245f2021-12-21 11:27:37.694root 11241100x8000000000000000531330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21adf377781203de2021-12-21 11:27:37.695root 11241100x8000000000000000531331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c050e366e2f80a42021-12-21 11:27:37.695root 11241100x8000000000000000531332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3648949db98633ae2021-12-21 11:27:37.695root 11241100x8000000000000000531333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01329c4e8f26de912021-12-21 11:27:37.696root 11241100x8000000000000000531334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16100979c0e1fbe2021-12-21 11:27:37.696root 11241100x8000000000000000531335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9068cded9fd2d75b2021-12-21 11:27:37.696root 11241100x8000000000000000531336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8735c2214c98422021-12-21 11:27:37.696root 11241100x8000000000000000531337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b5d8f06b6a6da2021-12-21 11:27:37.696root 11241100x8000000000000000531338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d03ca6dab3d2272021-12-21 11:27:37.696root 11241100x8000000000000000531339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d35f9aa8d792d62021-12-21 11:27:37.696root 11241100x8000000000000000531340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da903784dedc2b0f2021-12-21 11:27:37.696root 11241100x8000000000000000531341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8e6dccfc1451a92021-12-21 11:27:37.697root 11241100x8000000000000000531342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e3ae8495b0d8c72021-12-21 11:27:37.697root 11241100x8000000000000000531343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da7c9c55ccae2b92021-12-21 11:27:37.697root 11241100x8000000000000000531344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fb663508ed0a4d2021-12-21 11:27:37.698root 11241100x8000000000000000531345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b8955846755b6c2021-12-21 11:27:37.699root 11241100x8000000000000000531346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3315ef9db081e32021-12-21 11:27:37.699root 11241100x8000000000000000531347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af50a604b397988f2021-12-21 11:27:37.699root 11241100x8000000000000000531348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f01b2c22a3225b02021-12-21 11:27:37.699root 11241100x8000000000000000531349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7d40f4cdda51f2021-12-21 11:27:37.699root 11241100x8000000000000000531350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf9c7e527ab0ea72021-12-21 11:27:37.699root 11241100x8000000000000000531351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568732d2c080be352021-12-21 11:27:37.699root 11241100x8000000000000000531352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc73c0259cf0be82021-12-21 11:27:37.699root 11241100x8000000000000000531353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111fca8443b1f4702021-12-21 11:27:37.699root 11241100x8000000000000000531354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45dcbdcaf5ed1632021-12-21 11:27:37.699root 11241100x8000000000000000531355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2532fc285fa3352021-12-21 11:27:37.699root 11241100x8000000000000000531356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fe9cb18478aac42021-12-21 11:27:37.700root 11241100x8000000000000000531357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7777a0f954064a2021-12-21 11:27:37.700root 11241100x8000000000000000531358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67f7b489a622e062021-12-21 11:27:37.700root 11241100x8000000000000000531359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961ebd4048b456e82021-12-21 11:27:37.700root 354300x8000000000000000531360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.106{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48570-false10.0.1.12-8000- 11241100x8000000000000000531361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f2534f29edfb132021-12-21 11:27:38.107root 11241100x8000000000000000531362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48a1dd7fe3ad32e2021-12-21 11:27:38.107root 11241100x8000000000000000531363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eacec689e2b2b12021-12-21 11:27:38.107root 11241100x8000000000000000531364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bf5b8b4e3782692021-12-21 11:27:38.108root 11241100x8000000000000000531365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a175ca4158e2f4082021-12-21 11:27:38.108root 11241100x8000000000000000531366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb68d74846a01652021-12-21 11:27:38.108root 11241100x8000000000000000531367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2969d9c7feb654942021-12-21 11:27:38.108root 11241100x8000000000000000531368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ed9c62e72e207c2021-12-21 11:27:38.108root 11241100x8000000000000000531369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e456d197cd9992021-12-21 11:27:38.108root 11241100x8000000000000000531370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b81783e472b43a32021-12-21 11:27:38.108root 11241100x8000000000000000531371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d460dfbb92bc4cda2021-12-21 11:27:38.108root 11241100x8000000000000000531372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cafdea48a06a4d2021-12-21 11:27:38.108root 11241100x8000000000000000531373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62ccc76d5c654952021-12-21 11:27:38.108root 11241100x8000000000000000531374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb06048d0d2d89d2021-12-21 11:27:38.109root 11241100x8000000000000000531375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d1324004550e6d2021-12-21 11:27:38.109root 11241100x8000000000000000531376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66db91f3413fb242021-12-21 11:27:38.109root 11241100x8000000000000000531377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bdda01cf1c183c2021-12-21 11:27:38.109root 11241100x8000000000000000531378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d036508c0f7b5f6b2021-12-21 11:27:38.109root 11241100x8000000000000000531379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8c80a2a206dfb32021-12-21 11:27:38.109root 11241100x8000000000000000531380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee1eaf4e133fe382021-12-21 11:27:38.109root 11241100x8000000000000000531381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f40663ea10174c12021-12-21 11:27:38.109root 11241100x8000000000000000531382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08dc84fc33ca1d02021-12-21 11:27:38.109root 11241100x8000000000000000531383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f1995a7085b0512021-12-21 11:27:38.110root 11241100x8000000000000000531384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb5c5bc670bb9e92021-12-21 11:27:38.110root 11241100x8000000000000000531385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaa9684707a144e2021-12-21 11:27:38.110root 11241100x8000000000000000531386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d84797492dd11bd2021-12-21 11:27:38.110root 11241100x8000000000000000531387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9038252d904c252021-12-21 11:27:38.110root 11241100x8000000000000000531388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef47f046908fbf422021-12-21 11:27:38.110root 11241100x8000000000000000531389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a4d455c9ee0c152021-12-21 11:27:38.110root 11241100x8000000000000000531390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decaec4f48fe3dae2021-12-21 11:27:38.110root 11241100x8000000000000000531391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5afc4ba3de1751f2021-12-21 11:27:38.110root 11241100x8000000000000000531392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa129b17d2e01b12021-12-21 11:27:38.111root 11241100x8000000000000000531393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a54b77d1d02d8832021-12-21 11:27:38.111root 11241100x8000000000000000531394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d495c360584d4fa2021-12-21 11:27:38.111root 11241100x8000000000000000531395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c5cbd7fc1b96342021-12-21 11:27:38.111root 11241100x8000000000000000531396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995b7e5cfaae2ce12021-12-21 11:27:38.111root 11241100x8000000000000000531397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcd77f03ce08e762021-12-21 11:27:38.111root 11241100x8000000000000000531398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579072b356fa5b042021-12-21 11:27:38.111root 11241100x8000000000000000531399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c374209d4953c152021-12-21 11:27:38.111root 11241100x8000000000000000531400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e226db9b066fdc2021-12-21 11:27:38.112root 11241100x8000000000000000531401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fa811c678074982021-12-21 11:27:38.112root 11241100x8000000000000000531402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a897697217d95a12021-12-21 11:27:38.112root 11241100x8000000000000000531403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774dd8d13d3b8f5f2021-12-21 11:27:38.112root 11241100x8000000000000000531404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdce5215812accc12021-12-21 11:27:38.112root 11241100x8000000000000000531405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dd9af1a6c051ae2021-12-21 11:27:38.112root 11241100x8000000000000000531406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2ea706ad97244c2021-12-21 11:27:38.113root 11241100x8000000000000000531407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f598992fd8a376972021-12-21 11:27:38.113root 11241100x8000000000000000531408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6b9cffc0808c6b2021-12-21 11:27:38.113root 11241100x8000000000000000531409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf3c8392ac7c5bb2021-12-21 11:27:38.113root 11241100x8000000000000000531410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cbf4022f5196ee2021-12-21 11:27:38.113root 11241100x8000000000000000531411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202782b7e3117d82021-12-21 11:27:38.114root 11241100x8000000000000000531412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244161318c1c89b12021-12-21 11:27:38.114root 11241100x8000000000000000531413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4823a1f2f72bd22021-12-21 11:27:38.114root 11241100x8000000000000000531414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8590df87c4b8f9b72021-12-21 11:27:38.114root 11241100x8000000000000000531415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb5a2bb3fdc9f292021-12-21 11:27:38.114root 11241100x8000000000000000531416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e536a0088e885f552021-12-21 11:27:38.114root 11241100x8000000000000000531417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6335391a860821282021-12-21 11:27:38.115root 11241100x8000000000000000531418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef06d11a36719022021-12-21 11:27:38.115root 11241100x8000000000000000531419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2116b110911115e2021-12-21 11:27:38.115root 11241100x8000000000000000531420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94374ef5fa0009522021-12-21 11:27:38.116root 11241100x8000000000000000531421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da95cd04847d86c52021-12-21 11:27:38.116root 11241100x8000000000000000531422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d573a47ca8e7eb2021-12-21 11:27:38.116root 11241100x8000000000000000531423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccc704d1baab5602021-12-21 11:27:38.116root 11241100x8000000000000000531424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14aeecd6077697622021-12-21 11:27:38.117root 11241100x8000000000000000531425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e0e67da660ea902021-12-21 11:27:38.117root 11241100x8000000000000000531426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab7e22eb4ab755d2021-12-21 11:27:38.117root 11241100x8000000000000000531427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fb65df93dcf2b62021-12-21 11:27:38.117root 11241100x8000000000000000531428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b79fd71d660702021-12-21 11:27:38.118root 11241100x8000000000000000531429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce08821e90857ff22021-12-21 11:27:38.118root 11241100x8000000000000000531430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf63052d46105b02021-12-21 11:27:38.118root 11241100x8000000000000000531431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96a2033c477fa1f2021-12-21 11:27:38.118root 11241100x8000000000000000531432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.118{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443a5e1c7e6530492021-12-21 11:27:38.118root 11241100x8000000000000000531433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776ed7809d0a5aa02021-12-21 11:27:38.119root 11241100x8000000000000000531434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66b94317806f9a72021-12-21 11:27:38.119root 11241100x8000000000000000531435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a186f8ffec6e2fdd2021-12-21 11:27:38.119root 11241100x8000000000000000531436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c27a7593bd45c42021-12-21 11:27:38.119root 11241100x8000000000000000531437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf5333de0bdcc402021-12-21 11:27:38.120root 11241100x8000000000000000531438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6332c578fbb2992021-12-21 11:27:38.120root 11241100x8000000000000000531439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9dcca486bb41602021-12-21 11:27:38.120root 11241100x8000000000000000531440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a5d6e1c940ae642021-12-21 11:27:38.120root 11241100x8000000000000000531441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1266e511d7d1c0952021-12-21 11:27:38.120root 11241100x8000000000000000531442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb5b2c0c2747d6c2021-12-21 11:27:38.120root 11241100x8000000000000000531443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a2ff8f243754d12021-12-21 11:27:38.120root 11241100x8000000000000000531444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3f2d40f664659c2021-12-21 11:27:38.120root 11241100x8000000000000000531445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a9f61f08070b3b2021-12-21 11:27:38.120root 11241100x8000000000000000531446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a01a69d3e7661a2021-12-21 11:27:38.120root 11241100x8000000000000000531447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e89bbb78abc8af2021-12-21 11:27:38.120root 11241100x8000000000000000531448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae3347295b577692021-12-21 11:27:38.120root 11241100x8000000000000000531449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5e012c842309a72021-12-21 11:27:38.120root 11241100x8000000000000000531450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94c1b67338802ed2021-12-21 11:27:38.120root 11241100x8000000000000000531451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ea300f524219ee2021-12-21 11:27:38.120root 11241100x8000000000000000531452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58557e8215f1a55d2021-12-21 11:27:38.121root 11241100x8000000000000000531453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9b80e6427a40f22021-12-21 11:27:38.121root 11241100x8000000000000000531454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db065db6a4b869722021-12-21 11:27:38.122root 11241100x8000000000000000531455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1c675603f374b92021-12-21 11:27:38.122root 11241100x8000000000000000531456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462aab4d5dea24d02021-12-21 11:27:38.122root 11241100x8000000000000000531457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5682b4b3879026772021-12-21 11:27:38.122root 11241100x8000000000000000531458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d6098530246e532021-12-21 11:27:38.122root 11241100x8000000000000000531459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c06cc5dccb8cb82021-12-21 11:27:38.126root 11241100x8000000000000000531460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbe6a7df5d187f02021-12-21 11:27:38.126root 11241100x8000000000000000531461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b6854ede25a9fb2021-12-21 11:27:38.126root 11241100x8000000000000000531462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade67b9691c21e382021-12-21 11:27:38.126root 11241100x8000000000000000531463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a16e662a07b84892021-12-21 11:27:38.126root 11241100x8000000000000000531464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f23572ffeba9a822021-12-21 11:27:38.126root 11241100x8000000000000000531465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e350447e6a86f22021-12-21 11:27:38.126root 11241100x8000000000000000531466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b41298cd54bf9e12021-12-21 11:27:38.126root 11241100x8000000000000000531467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6434901cdd7d02021-12-21 11:27:38.127root 11241100x8000000000000000531468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783339c70b3574a72021-12-21 11:27:38.127root 11241100x8000000000000000531469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e485aaa13d13f22021-12-21 11:27:38.127root 11241100x8000000000000000531470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f550d3564fa0a82e2021-12-21 11:27:38.127root 11241100x8000000000000000531471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b75f56b6950a692021-12-21 11:27:38.127root 11241100x8000000000000000531472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d58b0e956fca232021-12-21 11:27:38.128root 11241100x8000000000000000531473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f349775ff6b9b102021-12-21 11:27:38.443root 11241100x8000000000000000531474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f47c8d187b61aa32021-12-21 11:27:38.443root 11241100x8000000000000000531475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d357390c32441272021-12-21 11:27:38.443root 11241100x8000000000000000531476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d393ff943003142021-12-21 11:27:38.443root 11241100x8000000000000000531477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b619b5c7e6be9ca32021-12-21 11:27:38.443root 11241100x8000000000000000531478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1032949a24ba7df2021-12-21 11:27:38.443root 11241100x8000000000000000531479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2927f2cd7df47d2021-12-21 11:27:38.443root 11241100x8000000000000000531480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975c1bcdef16ab092021-12-21 11:27:38.443root 11241100x8000000000000000531481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355e86eee0bf2ffb2021-12-21 11:27:38.444root 11241100x8000000000000000531482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe28a7c4c33b5d22021-12-21 11:27:38.444root 11241100x8000000000000000531483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b60b02f5c8355b2021-12-21 11:27:38.444root 11241100x8000000000000000531484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc0b4df283d59ff2021-12-21 11:27:38.444root 11241100x8000000000000000531485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ea0c8d32ab6dc82021-12-21 11:27:38.444root 11241100x8000000000000000531486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2df78625fd601bb2021-12-21 11:27:38.444root 11241100x8000000000000000531487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9042c93cdd6de3cb2021-12-21 11:27:38.444root 11241100x8000000000000000531488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe343348e5069782021-12-21 11:27:38.444root 11241100x8000000000000000531489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29446fc476bf1072021-12-21 11:27:38.444root 11241100x8000000000000000531490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58065ee3c18af4812021-12-21 11:27:38.444root 11241100x8000000000000000531491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f915d9b2a4c074042021-12-21 11:27:38.444root 11241100x8000000000000000531492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d231a0413b267df52021-12-21 11:27:38.445root 11241100x8000000000000000531493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d16059ee665ac572021-12-21 11:27:38.445root 11241100x8000000000000000531494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ba7c22bf26c9ea2021-12-21 11:27:38.445root 11241100x8000000000000000531495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b26817c727790212021-12-21 11:27:38.445root 11241100x8000000000000000531496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd4ccb6c82746922021-12-21 11:27:38.445root 11241100x8000000000000000531497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e41e4f9de218d22021-12-21 11:27:38.446root 11241100x8000000000000000531498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86354ec83c1660f2021-12-21 11:27:38.446root 11241100x8000000000000000531499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e3433a3b96bc0c2021-12-21 11:27:38.446root 11241100x8000000000000000531500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba77058088ac62e2021-12-21 11:27:38.446root 11241100x8000000000000000531501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d152596be053222021-12-21 11:27:38.447root 11241100x8000000000000000531502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa9351157f08ac72021-12-21 11:27:38.447root 11241100x8000000000000000531503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8dbac248b3393e2021-12-21 11:27:38.448root 11241100x8000000000000000531504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d668515905017cf82021-12-21 11:27:38.448root 11241100x8000000000000000531505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3d0b0919d09512021-12-21 11:27:38.448root 11241100x8000000000000000531506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96cf5c564b730742021-12-21 11:27:38.448root 11241100x8000000000000000531507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1804e9b877f9bd42021-12-21 11:27:38.449root 11241100x8000000000000000531508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958ded2b887bda62021-12-21 11:27:38.449root 11241100x8000000000000000531509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b9b911a69989c52021-12-21 11:27:38.449root 11241100x8000000000000000531510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55963ed286d14ef62021-12-21 11:27:38.450root 11241100x8000000000000000531511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd408b661fe5fa82021-12-21 11:27:38.450root 11241100x8000000000000000531512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a295be9d3cf6d5b52021-12-21 11:27:38.451root 11241100x8000000000000000531513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b79e2bba6ce5f2021-12-21 11:27:38.451root 11241100x8000000000000000531514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcc736cd311c0bd2021-12-21 11:27:38.451root 11241100x8000000000000000531515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72a9d488d21bc952021-12-21 11:27:38.452root 11241100x8000000000000000531516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75e7e80d17d70a62021-12-21 11:27:38.452root 11241100x8000000000000000531517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6c7d188b5456c82021-12-21 11:27:38.452root 11241100x8000000000000000531518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2438a3983026979c2021-12-21 11:27:38.943root 11241100x8000000000000000531519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631975e795fa17782021-12-21 11:27:38.943root 11241100x8000000000000000531520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40df1e3c2c213e22021-12-21 11:27:38.943root 11241100x8000000000000000531521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab38ba96c85fae5b2021-12-21 11:27:38.943root 11241100x8000000000000000531522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683c3a07b367990e2021-12-21 11:27:38.944root 11241100x8000000000000000531523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf49b40505c91f202021-12-21 11:27:38.944root 11241100x8000000000000000531524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a4e1a88a3c28152021-12-21 11:27:38.944root 11241100x8000000000000000531525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801cc571667a767e2021-12-21 11:27:38.944root 11241100x8000000000000000531526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60206d0bda1edd732021-12-21 11:27:38.944root 11241100x8000000000000000531527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb4df86d642dc602021-12-21 11:27:38.945root 11241100x8000000000000000531528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a786efcbb3fb44492021-12-21 11:27:38.945root 11241100x8000000000000000531529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e544e3bce329592021-12-21 11:27:38.945root 11241100x8000000000000000531530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de024ed4e96b56872021-12-21 11:27:38.945root 11241100x8000000000000000531531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176e80bb536575ab2021-12-21 11:27:38.945root 11241100x8000000000000000531532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89f5f2cea3c7e2e2021-12-21 11:27:38.945root 11241100x8000000000000000531533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85375775e2a477412021-12-21 11:27:38.946root 11241100x8000000000000000531534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b43cb6f7c5f3452021-12-21 11:27:38.946root 11241100x8000000000000000531535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212afc7010771f3c2021-12-21 11:27:38.946root 11241100x8000000000000000531536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8434f6b1e7940092021-12-21 11:27:38.946root 11241100x8000000000000000531537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174e036d2b40237b2021-12-21 11:27:38.947root 11241100x8000000000000000531538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9a25892e5ce86c2021-12-21 11:27:38.947root 11241100x8000000000000000531539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183914ac71b268582021-12-21 11:27:38.948root 11241100x8000000000000000531540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceef4c18be433c912021-12-21 11:27:38.948root 11241100x8000000000000000531541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94bb1be811f2a612021-12-21 11:27:38.948root 11241100x8000000000000000531542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df033210d5de23492021-12-21 11:27:38.949root 11241100x8000000000000000531543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0c885652056602021-12-21 11:27:38.949root 11241100x8000000000000000531544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf0b38e5a6a323e2021-12-21 11:27:38.950root 11241100x8000000000000000531545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8aca49a268ab002021-12-21 11:27:38.950root 11241100x8000000000000000531546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e39e82a485e9e5b2021-12-21 11:27:38.950root 11241100x8000000000000000531547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb149630713646e2021-12-21 11:27:38.951root 11241100x8000000000000000531548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9140fb6aec898b12021-12-21 11:27:38.951root 11241100x8000000000000000531549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2d8987c407fd1c2021-12-21 11:27:38.952root 11241100x8000000000000000531550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a6afc981107c672021-12-21 11:27:38.952root 11241100x8000000000000000531551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf5e9651893cd62021-12-21 11:27:38.952root 11241100x8000000000000000531552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c990b498894f9402021-12-21 11:27:38.952root 11241100x8000000000000000531553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55679f4ea59025e82021-12-21 11:27:38.952root 11241100x8000000000000000531554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636b32943627151a2021-12-21 11:27:38.952root 11241100x8000000000000000531555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0016168fb680c92021-12-21 11:27:38.953root 11241100x8000000000000000531556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4132fe446e353c552021-12-21 11:27:38.953root 11241100x8000000000000000531557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efde40dcbce1c31c2021-12-21 11:27:38.953root 11241100x8000000000000000531558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70efa48feba714d02021-12-21 11:27:38.953root 11241100x8000000000000000531559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ba5690c9a1cdee2021-12-21 11:27:38.953root 11241100x8000000000000000531560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975341d36040d7c52021-12-21 11:27:38.953root 11241100x8000000000000000531561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:38.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319602dd092ce73b2021-12-21 11:27:38.953root 23542300x8000000000000000531562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.330{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000531563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26390985ff3ce4c2021-12-21 11:27:39.330root 11241100x8000000000000000531564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f089de65b32b85c2021-12-21 11:27:39.330root 11241100x8000000000000000531565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058138ed294e89c42021-12-21 11:27:39.331root 11241100x8000000000000000531566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6391f4f057a202ed2021-12-21 11:27:39.331root 11241100x8000000000000000531567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2877f026aa6c1e172021-12-21 11:27:39.331root 11241100x8000000000000000531568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb08de880153f082021-12-21 11:27:39.331root 11241100x8000000000000000531569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1236f20cb2fc341b2021-12-21 11:27:39.331root 11241100x8000000000000000531570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376ed8c4c0ade7522021-12-21 11:27:39.331root 11241100x8000000000000000531571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e570e9233f7319f02021-12-21 11:27:39.332root 11241100x8000000000000000531572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc48301dc2d1ea42021-12-21 11:27:39.332root 11241100x8000000000000000531573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda1a85a35e9b9b02021-12-21 11:27:39.332root 11241100x8000000000000000531574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c050a1e8d545de2021-12-21 11:27:39.332root 11241100x8000000000000000531575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9315f2fc3f210a32021-12-21 11:27:39.332root 11241100x8000000000000000531576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d36e7ef5c263872021-12-21 11:27:39.332root 11241100x8000000000000000531577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4def2d1fdec4fe562021-12-21 11:27:39.332root 11241100x8000000000000000531578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4764833c249df2102021-12-21 11:27:39.332root 11241100x8000000000000000531579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf82df6f79617c72021-12-21 11:27:39.332root 11241100x8000000000000000531580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a73cfa52b12402b2021-12-21 11:27:39.333root 11241100x8000000000000000531581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776e1211ac0780cb2021-12-21 11:27:39.333root 11241100x8000000000000000531582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76320f57c52a3002021-12-21 11:27:39.333root 11241100x8000000000000000531583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0544658e6dc6ba6e2021-12-21 11:27:39.333root 11241100x8000000000000000531584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9652190a28782e2021-12-21 11:27:39.333root 11241100x8000000000000000531585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6063d218fb4b472021-12-21 11:27:39.333root 11241100x8000000000000000531586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d4d559ca6ffb1d2021-12-21 11:27:39.333root 11241100x8000000000000000531587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7080270b22c99cab2021-12-21 11:27:39.333root 11241100x8000000000000000531588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262ff69b70f9a6372021-12-21 11:27:39.333root 11241100x8000000000000000531589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f273f7bbbcf90ca72021-12-21 11:27:39.333root 11241100x8000000000000000531590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82610aed85fb14d2021-12-21 11:27:39.333root 11241100x8000000000000000531591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767b93bceed24a882021-12-21 11:27:39.334root 11241100x8000000000000000531592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5591578a2d61e36d2021-12-21 11:27:39.334root 11241100x8000000000000000531593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2474c479b2ad2d692021-12-21 11:27:39.334root 11241100x8000000000000000531594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afef41552f6136ac2021-12-21 11:27:39.334root 11241100x8000000000000000531595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57e55e4170c3e502021-12-21 11:27:39.334root 11241100x8000000000000000531596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf1f3017a6ccfcd2021-12-21 11:27:39.334root 11241100x8000000000000000531597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9d47d0af30af982021-12-21 11:27:39.334root 11241100x8000000000000000531598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c09402221aa523d2021-12-21 11:27:39.334root 11241100x8000000000000000531599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d809b77f3d8daa872021-12-21 11:27:39.334root 11241100x8000000000000000531600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d798dbea07d7bf4e2021-12-21 11:27:39.334root 11241100x8000000000000000531601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3628715d341f9592021-12-21 11:27:39.334root 11241100x8000000000000000531602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81fb344e8a18b902021-12-21 11:27:39.334root 11241100x8000000000000000531603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc2b4fed8d6ce7a2021-12-21 11:27:39.334root 11241100x8000000000000000531604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5598843526b73c2021-12-21 11:27:39.335root 11241100x8000000000000000531605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74a66462bae74392021-12-21 11:27:39.693root 11241100x8000000000000000531606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b349dd0bc311a4602021-12-21 11:27:39.693root 11241100x8000000000000000531607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728e7725368fd1642021-12-21 11:27:39.693root 11241100x8000000000000000531608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f89a68abb1d9cac2021-12-21 11:27:39.694root 11241100x8000000000000000531609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be843c00756281112021-12-21 11:27:39.694root 11241100x8000000000000000531610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091527b4aee985ec2021-12-21 11:27:39.694root 11241100x8000000000000000531611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9d84176147a26b2021-12-21 11:27:39.694root 11241100x8000000000000000531612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eda2abd951735af2021-12-21 11:27:39.694root 11241100x8000000000000000531613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017c2685f8cbaca12021-12-21 11:27:39.694root 11241100x8000000000000000531614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb495690faf200862021-12-21 11:27:39.694root 11241100x8000000000000000531615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722f5a5901a142102021-12-21 11:27:39.694root 11241100x8000000000000000531616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8706d30cce4a81d82021-12-21 11:27:39.694root 11241100x8000000000000000531617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7790f51a58b62b242021-12-21 11:27:39.694root 11241100x8000000000000000531618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a3b9ed9297a7052021-12-21 11:27:39.694root 11241100x8000000000000000531619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c92e53caecef8b2021-12-21 11:27:39.694root 11241100x8000000000000000531620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5996e32d12283ce32021-12-21 11:27:39.694root 11241100x8000000000000000531621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fa2068d35fff832021-12-21 11:27:39.694root 11241100x8000000000000000531622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeee53a230f375c22021-12-21 11:27:39.694root 11241100x8000000000000000531623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0fe051d894759e2021-12-21 11:27:39.694root 11241100x8000000000000000531624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b4927899d956f42021-12-21 11:27:39.695root 11241100x8000000000000000531625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147bbe226ebca4952021-12-21 11:27:39.695root 11241100x8000000000000000531626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eaad656a3404a72021-12-21 11:27:39.695root 11241100x8000000000000000531627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad365195c9771302021-12-21 11:27:39.695root 11241100x8000000000000000531628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3137eaf79a9261b52021-12-21 11:27:39.695root 11241100x8000000000000000531629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fb3ac3d2bb82d42021-12-21 11:27:39.695root 11241100x8000000000000000531630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bbfab9b35f773b2021-12-21 11:27:39.695root 11241100x8000000000000000531631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea045039bb7019772021-12-21 11:27:39.695root 11241100x8000000000000000531632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9085e2895422ba92021-12-21 11:27:39.695root 11241100x8000000000000000531633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8e020c92d2dfd62021-12-21 11:27:39.695root 11241100x8000000000000000531634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2e2f0804a6f2512021-12-21 11:27:39.695root 11241100x8000000000000000531635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a219d8bb5c4f3642021-12-21 11:27:39.695root 11241100x8000000000000000531636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e370f67eef31dd6b2021-12-21 11:27:39.695root 11241100x8000000000000000531637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97792a40f1ea98392021-12-21 11:27:39.696root 11241100x8000000000000000531638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f45ee17e7d802822021-12-21 11:27:39.696root 11241100x8000000000000000531639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec9a99ffffa3f32021-12-21 11:27:39.696root 11241100x8000000000000000531640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebaf0143c7774f52021-12-21 11:27:39.696root 11241100x8000000000000000531641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f38345d1b4ada2021-12-21 11:27:39.696root 11241100x8000000000000000531642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83f88cb465499e82021-12-21 11:27:39.696root 11241100x8000000000000000531643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7816817537dedc12021-12-21 11:27:39.696root 11241100x8000000000000000531644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b00337ce65518e62021-12-21 11:27:39.696root 11241100x8000000000000000531645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80da2073bb241da2021-12-21 11:27:39.696root 11241100x8000000000000000531646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c8096a015ccf122021-12-21 11:27:40.193root 11241100x8000000000000000531647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b00b5ba2f17fcd2021-12-21 11:27:40.194root 11241100x8000000000000000531648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1154cd5b7b44bb482021-12-21 11:27:40.194root 11241100x8000000000000000531649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a9234267f510e02021-12-21 11:27:40.194root 11241100x8000000000000000531650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d65c55b7133690a2021-12-21 11:27:40.194root 11241100x8000000000000000531651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5190d809625bec542021-12-21 11:27:40.194root 11241100x8000000000000000531652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f725759ec79551b2021-12-21 11:27:40.194root 11241100x8000000000000000531653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68517634381a2a02021-12-21 11:27:40.194root 11241100x8000000000000000531654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615961d906bd45be2021-12-21 11:27:40.194root 11241100x8000000000000000531655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5683b10696e0e4982021-12-21 11:27:40.194root 11241100x8000000000000000531656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48429571f39b45a32021-12-21 11:27:40.194root 11241100x8000000000000000531657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282d5c4f9c34aee42021-12-21 11:27:40.195root 11241100x8000000000000000531658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf2ac4cd08843902021-12-21 11:27:40.195root 11241100x8000000000000000531659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b49f406370b3af2021-12-21 11:27:40.195root 11241100x8000000000000000531660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67687a0ab04299d02021-12-21 11:27:40.195root 11241100x8000000000000000531661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492f9c669ca6e9802021-12-21 11:27:40.195root 11241100x8000000000000000531662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d893ff5442b024752021-12-21 11:27:40.195root 11241100x8000000000000000531663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac6af337e540522021-12-21 11:27:40.195root 11241100x8000000000000000531664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9c97d19f5d5f702021-12-21 11:27:40.195root 11241100x8000000000000000531665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec43fbdff923c5892021-12-21 11:27:40.195root 11241100x8000000000000000531666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91383cc004e718422021-12-21 11:27:40.195root 11241100x8000000000000000531667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc843731c47106f2021-12-21 11:27:40.196root 11241100x8000000000000000531668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e2baa89a8a8cb92021-12-21 11:27:40.196root 11241100x8000000000000000531669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b8b31692f6600a2021-12-21 11:27:40.196root 11241100x8000000000000000531670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d947a433bda9bc3c2021-12-21 11:27:40.196root 11241100x8000000000000000531671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1c5da39c06e2692021-12-21 11:27:40.196root 11241100x8000000000000000531672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2f982b2b2635472021-12-21 11:27:40.196root 11241100x8000000000000000531673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a7b422981965572021-12-21 11:27:40.196root 11241100x8000000000000000531674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f4815ec0ebcb92021-12-21 11:27:40.196root 11241100x8000000000000000531675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf5669c1c46d9572021-12-21 11:27:40.196root 11241100x8000000000000000531676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c10a6440d25a06c2021-12-21 11:27:40.196root 11241100x8000000000000000531677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d4d16d32af0c52021-12-21 11:27:40.197root 11241100x8000000000000000531678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc494223ac39b642021-12-21 11:27:40.197root 11241100x8000000000000000531679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eebe7f3bace85cd2021-12-21 11:27:40.197root 11241100x8000000000000000531680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f2117338c189692021-12-21 11:27:40.197root 11241100x8000000000000000531681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02190f43f480a1ad2021-12-21 11:27:40.197root 11241100x8000000000000000531682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b62df286ac501d2021-12-21 11:27:40.693root 11241100x8000000000000000531683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d9ac32d08ba6722021-12-21 11:27:40.693root 11241100x8000000000000000531684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc592b16b4b3e66a2021-12-21 11:27:40.693root 11241100x8000000000000000531685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2828295b0ac172ac2021-12-21 11:27:40.693root 11241100x8000000000000000531686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc77ff2db083e32021-12-21 11:27:40.693root 11241100x8000000000000000531687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebecc3d8cf3ddbb2021-12-21 11:27:40.693root 11241100x8000000000000000531688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a91f20550d9e71c2021-12-21 11:27:40.693root 11241100x8000000000000000531689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c0fd30b0ac152e2021-12-21 11:27:40.694root 11241100x8000000000000000531690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34ffe3e21b1c4532021-12-21 11:27:40.694root 11241100x8000000000000000531691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374b8d486c8993ea2021-12-21 11:27:40.694root 11241100x8000000000000000531692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9986436adc352c62021-12-21 11:27:40.694root 11241100x8000000000000000531693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd9a9e79c613ebb2021-12-21 11:27:40.694root 11241100x8000000000000000531694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a95c5b003a53f82021-12-21 11:27:40.694root 11241100x8000000000000000531695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb28dbf2079da022021-12-21 11:27:40.694root 11241100x8000000000000000531696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0503751589bca5692021-12-21 11:27:40.694root 354300x8000000000000000531735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:55.089{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48576-false10.0.1.12-8000- 11241100x8000000000000000531736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dab6ec35a646b382021-12-21 11:27:55.442root 11241100x8000000000000000531737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:55.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f624755f13dd7b42021-12-21 11:27:55.942root 11241100x8000000000000000531738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:56.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d73e46191d56e502021-12-21 11:27:56.442root 11241100x8000000000000000531739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ef10bae43376f2021-12-21 11:27:56.942root 534500x8000000000000000531740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.084{00000000-0000-0000-0000-000000000000}9872<unknown process>ubuntu 534500x8000000000000000531741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.086{00000000-0000-0000-0000-000000000000}9873<unknown process>ubuntu 534500x8000000000000000531742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.101{00000000-0000-0000-0000-000000000000}9874<unknown process>ubuntu 534500x8000000000000000531743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.103{00000000-0000-0000-0000-000000000000}9875<unknown process>ubuntu 11241100x8000000000000000531744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.103{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.0iNIMi2021-12-21 11:27:57.103ubuntu 23542300x8000000000000000531745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.103{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.0iNIMi--- 11241100x8000000000000000531746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea0395568a6bcdb2021-12-21 11:27:57.443root 11241100x8000000000000000531747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42074ab11750183f2021-12-21 11:27:57.443root 11241100x8000000000000000531748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b143414257829d082021-12-21 11:27:57.443root 11241100x8000000000000000531749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45713e78f00b81e2021-12-21 11:27:57.443root 11241100x8000000000000000531750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a8e519a4a4ef282021-12-21 11:27:57.443root 11241100x8000000000000000531751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e5c8e9b3aae2832021-12-21 11:27:57.443root 11241100x8000000000000000531752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb494047211d533f2021-12-21 11:27:57.443root 11241100x8000000000000000531753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108b6b6a3aab62b52021-12-21 11:27:57.943root 11241100x8000000000000000531754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5152c57e3321de2021-12-21 11:27:57.943root 11241100x8000000000000000531755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c67fc3122f4b552021-12-21 11:27:57.943root 11241100x8000000000000000531756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52ca6a2a69c36752021-12-21 11:27:57.943root 11241100x8000000000000000531757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37df9a6a27efada42021-12-21 11:27:57.943root 11241100x8000000000000000531758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05416ba79e5a8feb2021-12-21 11:27:57.943root 11241100x8000000000000000531759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8a758fafc74fe02021-12-21 11:27:57.943root 154100x8000000000000000531760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.044{ec2b6afe-ba3e-61c1-083e-f27612560000}9876/usr/bin/sudo-----sudo setcap cap_net_bind_service+p ./evil_bin/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 354300x8000000000000000531761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.047{ec2b6afe-ba3e-61c1-083e-f27612560000}9876/usr/bin/sudoubuntuudptruefalse127.0.0.1-39504-false127.0.0.53-53- 354300x8000000000000000531762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.047{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-40462-false10.0.0.2-53- 354300x8000000000000000531763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.047{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-50435-false10.0.0.2-53- 354300x8000000000000000531764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.048{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-39504- 354300x8000000000000000531765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.048{ec2b6afe-ba3e-61c1-083e-f27612560000}9876/usr/bin/sudoubuntuudptruefalse127.0.0.1-45972-false127.0.0.53-53- 354300x8000000000000000531766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.048{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-45972- 154100x8000000000000000531767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.051{ec2b6afe-ba3e-61c1-8027-803821560000}9877/sbin/setcap-----setcap cap_net_bind_service+p ./evil_bin/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ba3e-61c1-083e-f27612560000}9876/usr/bin/sudosudoubuntu 534500x8000000000000000531768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.051{ec2b6afe-ba3e-61c1-8027-803821560000}9877/sbin/setcaproot 534500x8000000000000000531769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.052{ec2b6afe-ba3e-61c1-083e-f27612560000}9876/usr/bin/sudoroot 11241100x8000000000000000531770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328ed25e520f2ecc2021-12-21 11:27:58.443root 11241100x8000000000000000531771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf498845ce7069cf2021-12-21 11:27:58.443root 11241100x8000000000000000531772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c89f966b0022b12021-12-21 11:27:58.443root 11241100x8000000000000000531773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513df2699b0ee53f2021-12-21 11:27:58.443root 11241100x8000000000000000531774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495cb4de0d1ac2532021-12-21 11:27:58.443root 11241100x8000000000000000531775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2157f63076f8c62021-12-21 11:27:58.443root 11241100x8000000000000000531776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48111b7caca008822021-12-21 11:27:58.444root 11241100x8000000000000000531777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aad7b5c01e9ead82021-12-21 11:27:58.444root 11241100x8000000000000000531778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3a249bc7f3a2502021-12-21 11:27:58.444root 11241100x8000000000000000531779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e64049555169702021-12-21 11:27:58.444root 11241100x8000000000000000531780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b75e9dc7200f092021-12-21 11:27:58.444root 11241100x8000000000000000531781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854a0e0d7bc112c02021-12-21 11:27:58.444root 11241100x8000000000000000531782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bfcb70586723332021-12-21 11:27:58.444root 11241100x8000000000000000531783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990dd3d89fb6bcd02021-12-21 11:27:58.444root 11241100x8000000000000000531784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bdf612027cd9bd2021-12-21 11:27:58.444root 11241100x8000000000000000531785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b4cea6e01060052021-12-21 11:27:58.444root 11241100x8000000000000000531786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f855040376b34cc2021-12-21 11:27:58.444root 11241100x8000000000000000531787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76e1ebc337ce08d2021-12-21 11:27:58.943root 11241100x8000000000000000531788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368db0005e7376d72021-12-21 11:27:58.943root 11241100x8000000000000000531789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852a7fe545f97cb12021-12-21 11:27:58.943root 11241100x8000000000000000531790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5005f938fa2bbf2021-12-21 11:27:58.943root 11241100x8000000000000000531791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1582e80eec645fb22021-12-21 11:27:58.943root 11241100x8000000000000000531792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84555357a42d4b22021-12-21 11:27:58.943root 11241100x8000000000000000531793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ee4b55d0ef15562021-12-21 11:27:58.944root 11241100x8000000000000000531794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d73a291c8bce5c2021-12-21 11:27:58.944root 11241100x8000000000000000531795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e142c779365f1a2021-12-21 11:27:58.944root 11241100x8000000000000000531796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90454897dcf946992021-12-21 11:27:58.944root 11241100x8000000000000000531797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b487065ffba3302021-12-21 11:27:58.944root 11241100x8000000000000000531798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ee940b19240e832021-12-21 11:27:58.944root 11241100x8000000000000000531799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930bd6448c163a132021-12-21 11:27:58.944root 11241100x8000000000000000531800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a634b2418757327c2021-12-21 11:27:58.944root 11241100x8000000000000000531801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8321f81b4fb561c62021-12-21 11:27:58.944root 11241100x8000000000000000531802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb1589f74fbbec02021-12-21 11:27:58.944root 11241100x8000000000000000531803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29c958d6b5201192021-12-21 11:27:58.944root 11241100x8000000000000000531804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f2491bd27c8b3b2021-12-21 11:27:59.443root 11241100x8000000000000000531805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fce034e9c43bd22021-12-21 11:27:59.443root 11241100x8000000000000000531806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b13907c1f35ef92021-12-21 11:27:59.443root 11241100x8000000000000000531807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffc67188d7739d82021-12-21 11:27:59.443root 11241100x8000000000000000531808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc16f868439ddaf42021-12-21 11:27:59.443root 11241100x8000000000000000531809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69836c19d0bf85ad2021-12-21 11:27:59.443root 11241100x8000000000000000531810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0871026a5eb6d82021-12-21 11:27:59.444root 11241100x8000000000000000531811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f5b098c7b413802021-12-21 11:27:59.444root 11241100x8000000000000000531812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea37115fe90c062021-12-21 11:27:59.444root 11241100x8000000000000000531813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61a948e23e8aa172021-12-21 11:27:59.444root 11241100x8000000000000000531814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9565d680b46324702021-12-21 11:27:59.444root 11241100x8000000000000000531815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35737c9181eafe502021-12-21 11:27:59.444root 11241100x8000000000000000531816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84df09ec14889d112021-12-21 11:27:59.444root 11241100x8000000000000000531817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdd3d2a27998cdf2021-12-21 11:27:59.444root 11241100x8000000000000000531818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972224e01e5e3faa2021-12-21 11:27:59.444root 11241100x8000000000000000531819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e72cab6356a6262021-12-21 11:27:59.445root 11241100x8000000000000000531820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d01f86b397b85412021-12-21 11:27:59.445root 11241100x8000000000000000531821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93730629fd1f01162021-12-21 11:27:59.943root 11241100x8000000000000000531822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8edb519215371c2021-12-21 11:27:59.943root 11241100x8000000000000000531823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa865da2403faa92021-12-21 11:27:59.943root 11241100x8000000000000000531824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4383047e38484ef2021-12-21 11:27:59.943root 11241100x8000000000000000531825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea17beb1bc37ff22021-12-21 11:27:59.943root 11241100x8000000000000000531826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d96cf34c001521a2021-12-21 11:27:59.944root 11241100x8000000000000000531827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a6b37e84b7e0652021-12-21 11:27:59.944root 11241100x8000000000000000531828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea26a00bca4b47e12021-12-21 11:27:59.944root 11241100x8000000000000000531829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdef704ea3880c42021-12-21 11:27:59.944root 11241100x8000000000000000531830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a3fb03869817922021-12-21 11:27:59.944root 11241100x8000000000000000531831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a99833ee6f21152021-12-21 11:27:59.944root 11241100x8000000000000000531832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5543f14209e1a1a2021-12-21 11:27:59.944root 11241100x8000000000000000531833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563c6bc4e8f1d8e22021-12-21 11:27:59.944root 11241100x8000000000000000531834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f114eaf87004a6c2021-12-21 11:27:59.944root 11241100x8000000000000000531835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db37694afa388cc82021-12-21 11:27:59.944root 11241100x8000000000000000531836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736012d8e4f6f9112021-12-21 11:27:59.944root 11241100x8000000000000000531837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca47912e5a2bce552021-12-21 11:27:59.944root 11241100x8000000000000000531838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b8e3f39cc0d6b2021-12-21 11:27:59.944root 354300x8000000000000000531839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.220{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48578-false10.0.1.12-8000- 11241100x8000000000000000531840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e25bfab457906e32021-12-21 11:28:00.221root 11241100x8000000000000000531841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8284336eb627829d2021-12-21 11:28:00.221root 11241100x8000000000000000531842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe4ccd4366950a52021-12-21 11:28:00.222root 11241100x8000000000000000531843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac671439e2205282021-12-21 11:28:00.222root 11241100x8000000000000000531844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fb687947624d9d2021-12-21 11:28:00.222root 11241100x8000000000000000531845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6376715453dff422021-12-21 11:28:00.222root 11241100x8000000000000000531846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0404c025490111e2021-12-21 11:28:00.222root 11241100x8000000000000000531847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3891a702de3d47c32021-12-21 11:28:00.223root 11241100x8000000000000000531848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5568993ede1550e32021-12-21 11:28:00.223root 11241100x8000000000000000531849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f4b0d8fc1101a12021-12-21 11:28:00.223root 11241100x8000000000000000531850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa3420bf1106a602021-12-21 11:28:00.223root 11241100x8000000000000000531851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da10b997c1e89812021-12-21 11:28:00.223root 11241100x8000000000000000531852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521ca5b286f8b5152021-12-21 11:28:00.224root 11241100x8000000000000000531853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321654b75d0edfa82021-12-21 11:28:00.224root 11241100x8000000000000000531854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c12d686e466afcc2021-12-21 11:28:00.224root 11241100x8000000000000000531855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4909692fa3fa4ab52021-12-21 11:28:00.224root 11241100x8000000000000000531856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc33c5e2b13b47a2021-12-21 11:28:00.224root 11241100x8000000000000000531857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f239dc5b34399fbc2021-12-21 11:28:00.224root 154100x8000000000000000531858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.533{ec2b6afe-ba40-61c1-e8f6-2eb9e0550000}9878/bin/ls-----ls --color=auto -ls/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000531859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.535{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81bf4298be8e9e52021-12-21 11:28:00.535root 11241100x8000000000000000531860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.535{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb74cd157f1f10872021-12-21 11:28:00.535root 11241100x8000000000000000531861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.535{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8554e6e92d7ff012021-12-21 11:28:00.535root 11241100x8000000000000000531862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.535{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444f9b1bff59f2fe2021-12-21 11:28:00.535root 534500x8000000000000000531863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.536{ec2b6afe-ba40-61c1-e8f6-2eb9e0550000}9878/bin/lsubuntu 11241100x8000000000000000531864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.536{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad800967581038762021-12-21 11:28:00.536root 11241100x8000000000000000531865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.536{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5695251475ccbb82021-12-21 11:28:00.536root 11241100x8000000000000000531866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.536{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629947dc6d29a4e72021-12-21 11:28:00.536root 11241100x8000000000000000531867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.536{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7a6714121543112021-12-21 11:28:00.536root 11241100x8000000000000000531868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.536{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e944643d8cb16e2021-12-21 11:28:00.536root 11241100x8000000000000000531869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.537{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a5776b0feb54242021-12-21 11:28:00.537root 11241100x8000000000000000531870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.537{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93b23ae340e89ee2021-12-21 11:28:00.537root 11241100x8000000000000000531871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.537{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5260fac9563ca2b52021-12-21 11:28:00.537root 11241100x8000000000000000531872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.537{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f1ef7a113184762021-12-21 11:28:00.537root 11241100x8000000000000000531873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.537{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fbf4018737ff4c2021-12-21 11:28:00.537root 11241100x8000000000000000531874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.538{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71693bcb25130aa2021-12-21 11:28:00.538root 11241100x8000000000000000531875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.538{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d99f1bdf4efce2021-12-21 11:28:00.538root 11241100x8000000000000000531876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.538{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264d4d7f7bb79aa22021-12-21 11:28:00.538root 11241100x8000000000000000531877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.538{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d109b33933b7e62021-12-21 11:28:00.538root 11241100x8000000000000000531878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.538{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88571a274459da172021-12-21 11:28:00.538root 11241100x8000000000000000531879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.538{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cc7585afcd92b22021-12-21 11:28:00.538root 11241100x8000000000000000531880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.539{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95ff4eedb8b2dbf2021-12-21 11:28:00.539root 11241100x8000000000000000531881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14118b45e48058d2021-12-21 11:28:00.943root 11241100x8000000000000000531882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6714dd5089cf93f42021-12-21 11:28:00.943root 11241100x8000000000000000531883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289ecb4e7cb8ab292021-12-21 11:28:00.943root 11241100x8000000000000000531884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a566d8d34eaed8352021-12-21 11:28:00.944root 11241100x8000000000000000531885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb910d04220ea872021-12-21 11:28:00.944root 11241100x8000000000000000531886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b073c00b4d256e2021-12-21 11:28:00.944root 11241100x8000000000000000531887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28db4bfba9fce6672021-12-21 11:28:00.944root 11241100x8000000000000000531888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a172108132c54f62021-12-21 11:28:00.944root 11241100x8000000000000000531889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5af4c71b9b25cc62021-12-21 11:28:00.944root 11241100x8000000000000000531890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80818ba5b17981b2021-12-21 11:28:00.944root 11241100x8000000000000000531891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8536cf6744eaed2021-12-21 11:28:00.944root 11241100x8000000000000000531892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce3d2826e4ef2352021-12-21 11:28:00.944root 11241100x8000000000000000531893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d1af6b2a374dd32021-12-21 11:28:00.944root 11241100x8000000000000000531894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e13dfb33f57cb902021-12-21 11:28:00.945root 11241100x8000000000000000531895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb19fe9b3cd4b352021-12-21 11:28:00.945root 11241100x8000000000000000531896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8beff9d4bbae202021-12-21 11:28:00.945root 11241100x8000000000000000531897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e820292c830789f42021-12-21 11:28:00.945root 11241100x8000000000000000531898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb308384ed5ea2e72021-12-21 11:28:00.945root 11241100x8000000000000000531899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05edb3a4e1c843dd2021-12-21 11:28:00.945root 11241100x8000000000000000531900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b461294a69806c22021-12-21 11:28:00.945root 11241100x8000000000000000531901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3e8c833cefdfc22021-12-21 11:28:01.443root 11241100x8000000000000000531902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bcf5197354f7112021-12-21 11:28:01.443root 11241100x8000000000000000531903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85434cab124517f92021-12-21 11:28:01.443root 11241100x8000000000000000531904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1689b8507eaa38682021-12-21 11:28:01.444root 11241100x8000000000000000531905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93dea1f6a28790d2021-12-21 11:28:01.444root 11241100x8000000000000000531906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2727eaaa2d982ffd2021-12-21 11:28:01.444root 11241100x8000000000000000531907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919305991e4140012021-12-21 11:28:01.444root 11241100x8000000000000000531908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a01cbcd9ab5e922021-12-21 11:28:01.444root 11241100x8000000000000000531909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67de4e563f3421b92021-12-21 11:28:01.444root 11241100x8000000000000000531910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d9cf7793f030082021-12-21 11:28:01.444root 11241100x8000000000000000531911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eb6d08f361eacc2021-12-21 11:28:01.444root 11241100x8000000000000000531912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3f3987408f27952021-12-21 11:28:01.444root 11241100x8000000000000000531913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9877bce9f751fc2021-12-21 11:28:01.444root 11241100x8000000000000000531914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a913b3b74808cf242021-12-21 11:28:01.444root 11241100x8000000000000000531915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb8656fecdb4b612021-12-21 11:28:01.444root 11241100x8000000000000000531916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a255a2718069253d2021-12-21 11:28:01.444root 11241100x8000000000000000531917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74a9ced36adac042021-12-21 11:28:01.445root 11241100x8000000000000000531918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596ee60b9b1688262021-12-21 11:28:01.445root 11241100x8000000000000000531919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008befc011debad02021-12-21 11:28:01.445root 11241100x8000000000000000531920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4456da7acb62d3b62021-12-21 11:28:01.445root 11241100x8000000000000000531921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5ea63d7a00f912021-12-21 11:28:01.943root 11241100x8000000000000000531922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f1993631df01e32021-12-21 11:28:01.943root 11241100x8000000000000000531923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9270423a386e597a2021-12-21 11:28:01.944root 11241100x8000000000000000531924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db40dcde14815352021-12-21 11:28:01.944root 11241100x8000000000000000531925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de41020c21e4ef372021-12-21 11:28:01.944root 11241100x8000000000000000531926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8dd45bef957d032021-12-21 11:28:01.944root 11241100x8000000000000000531927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3d75dbf5a74d992021-12-21 11:28:01.944root 11241100x8000000000000000531928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e77b9807cb2f582021-12-21 11:28:01.944root 11241100x8000000000000000531929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d5b0f7a98fd5f02021-12-21 11:28:01.944root 11241100x8000000000000000531930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6576324ca04905392021-12-21 11:28:01.944root 11241100x8000000000000000531931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d0a445d4f798932021-12-21 11:28:01.945root 11241100x8000000000000000531932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9d87212ea1bc182021-12-21 11:28:01.945root 11241100x8000000000000000531933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b51a61fc6ed3612021-12-21 11:28:01.945root 11241100x8000000000000000531934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8192b00a1ef9e992021-12-21 11:28:01.945root 11241100x8000000000000000531935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fa89dd06f4dae92021-12-21 11:28:01.945root 11241100x8000000000000000531936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613da0693b3896992021-12-21 11:28:01.945root 11241100x8000000000000000531937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0193b20dba719762021-12-21 11:28:01.945root 11241100x8000000000000000531938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bcaa096c35c33c2021-12-21 11:28:01.945root 11241100x8000000000000000531939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702fa8d69661b34c2021-12-21 11:28:01.945root 11241100x8000000000000000531940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973792ac9241cdc82021-12-21 11:28:01.945root 11241100x8000000000000000531941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c305fc3798ffbca2021-12-21 11:28:02.443root 11241100x8000000000000000531942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf1325b62c63592021-12-21 11:28:02.443root 11241100x8000000000000000531943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9445901dde67e2a2021-12-21 11:28:02.443root 11241100x8000000000000000531944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d582cd29991f6f02021-12-21 11:28:02.444root 11241100x8000000000000000531945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369bae3194baa3242021-12-21 11:28:02.444root 11241100x8000000000000000531946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb38efbf0378d94e2021-12-21 11:28:02.444root 11241100x8000000000000000531947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9425d043b13f6832021-12-21 11:28:02.444root 11241100x8000000000000000531948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f59294b704423c2021-12-21 11:28:02.444root 11241100x8000000000000000531949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400e80b7206a5a692021-12-21 11:28:02.444root 11241100x8000000000000000531950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fdff85e744e57b2021-12-21 11:28:02.444root 11241100x8000000000000000531951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3206df8bbd88fde2021-12-21 11:28:02.445root 11241100x8000000000000000531952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54545e230f2cf2c2021-12-21 11:28:02.445root 11241100x8000000000000000531953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8c1ebfdcf8a0772021-12-21 11:28:02.445root 11241100x8000000000000000531954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0f3e6cdb7cb1242021-12-21 11:28:02.445root 11241100x8000000000000000531955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2042016c64b3f9f22021-12-21 11:28:02.445root 11241100x8000000000000000531956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5269df2ae5673e72021-12-21 11:28:02.445root 11241100x8000000000000000531957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e010901bb5f89e2021-12-21 11:28:02.445root 11241100x8000000000000000531958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa41d819f230a282021-12-21 11:28:02.445root 11241100x8000000000000000531959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3c926d9aecf8aa2021-12-21 11:28:02.445root 11241100x8000000000000000531960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fbbf86f37f8d62021-12-21 11:28:02.445root 11241100x8000000000000000531961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28804d5251d404892021-12-21 11:28:02.943root 11241100x8000000000000000531962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8302816ea8723b842021-12-21 11:28:02.943root 11241100x8000000000000000531963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d012a4b1ca8ca72021-12-21 11:28:02.943root 11241100x8000000000000000531964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574b3fc4ba99d3282021-12-21 11:28:02.943root 11241100x8000000000000000531965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa017a991bb8492f2021-12-21 11:28:02.943root 11241100x8000000000000000531966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946a8382a35516c42021-12-21 11:28:02.944root 11241100x8000000000000000531967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7779b7edafb0d8d62021-12-21 11:28:02.944root 11241100x8000000000000000531968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d111e38a0ee76962021-12-21 11:28:02.944root 11241100x8000000000000000531969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef1ebb212294d1c2021-12-21 11:28:02.944root 11241100x8000000000000000531970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ff01e750fb3b1c2021-12-21 11:28:02.944root 11241100x8000000000000000531971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf398f1b94019052021-12-21 11:28:02.944root 11241100x8000000000000000531972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9989c9f5b7fb84b2021-12-21 11:28:02.944root 11241100x8000000000000000531973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4a3eb05608f8d92021-12-21 11:28:02.944root 11241100x8000000000000000531974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0530ddc3ea5a84c2021-12-21 11:28:02.944root 11241100x8000000000000000531975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7447518d554150342021-12-21 11:28:02.944root 11241100x8000000000000000531976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd76c2085920adf2021-12-21 11:28:02.945root 11241100x8000000000000000531977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6d32444015be3c2021-12-21 11:28:02.945root 11241100x8000000000000000531978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cfa3c9fc775aea2021-12-21 11:28:02.945root 11241100x8000000000000000531979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df929b838750a2d2021-12-21 11:28:02.945root 11241100x8000000000000000531980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7babc2514e3ab9e12021-12-21 11:28:02.945root 11241100x8000000000000000531981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5970196ae4e412a62021-12-21 11:28:03.443root 11241100x8000000000000000531982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c698b4d3eff91d72021-12-21 11:28:03.444root 11241100x8000000000000000531983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdfff7be359934f2021-12-21 11:28:03.444root 11241100x8000000000000000531984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cce801449a71472021-12-21 11:28:03.444root 11241100x8000000000000000531985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4c3351d5c510722021-12-21 11:28:03.444root 11241100x8000000000000000531986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad5756e9e7920c62021-12-21 11:28:03.444root 11241100x8000000000000000531987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc9e0755c133bb2021-12-21 11:28:03.445root 11241100x8000000000000000531988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf897fe381d7232021-12-21 11:28:03.445root 11241100x8000000000000000531989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6847e8314f0c52d42021-12-21 11:28:03.445root 11241100x8000000000000000531990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c015369fa3a005c2021-12-21 11:28:03.445root 11241100x8000000000000000531991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aefef8b90b954a2021-12-21 11:28:03.445root 11241100x8000000000000000531992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a756d0a1a928f9d2021-12-21 11:28:03.445root 11241100x8000000000000000531993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938d97eff1767bd02021-12-21 11:28:03.445root 11241100x8000000000000000531994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e579a270e0ba3b9b2021-12-21 11:28:03.445root 11241100x8000000000000000531995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea39c8a83a021082021-12-21 11:28:03.445root 11241100x8000000000000000531996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff19004f6e9306372021-12-21 11:28:03.446root 11241100x8000000000000000531997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7772a2e1e115a9c62021-12-21 11:28:03.446root 11241100x8000000000000000531998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d7b212f6e58be52021-12-21 11:28:03.446root 11241100x8000000000000000531999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05099030aac02ff12021-12-21 11:28:03.446root 11241100x8000000000000000532000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0687ff752db94a752021-12-21 11:28:03.446root 11241100x8000000000000000532001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b888a45c4481fede2021-12-21 11:28:03.943root 11241100x8000000000000000532002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1175cebfa791392021-12-21 11:28:03.943root 11241100x8000000000000000532003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369ed2de6e811152021-12-21 11:28:03.943root 11241100x8000000000000000532004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a6d4cde6478e002021-12-21 11:28:03.944root 11241100x8000000000000000532005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b15cb2a318845c82021-12-21 11:28:03.944root 11241100x8000000000000000532006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a373d845a66801502021-12-21 11:28:03.944root 11241100x8000000000000000532007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e91601dc852ad02021-12-21 11:28:03.944root 11241100x8000000000000000532008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a032e6ec3c9ab252021-12-21 11:28:03.944root 11241100x8000000000000000532009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ee3c0b9aaf93852021-12-21 11:28:03.944root 11241100x8000000000000000532010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3a76fe4a0b1a2a2021-12-21 11:28:03.944root 11241100x8000000000000000532011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6129f5207810e8e2021-12-21 11:28:03.944root 11241100x8000000000000000532012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae280f2cdbf0e22021-12-21 11:28:03.944root 11241100x8000000000000000532013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aaf1e4ad7eb7932021-12-21 11:28:03.944root 11241100x8000000000000000532014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cc5f812946a27b2021-12-21 11:28:03.944root 11241100x8000000000000000532015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050a9795ef4052db2021-12-21 11:28:03.944root 11241100x8000000000000000532016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1add2db1e248a3982021-12-21 11:28:03.945root 11241100x8000000000000000532017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18deb8cadc7a98162021-12-21 11:28:03.945root 11241100x8000000000000000532018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11752655c9ecf7e2021-12-21 11:28:03.945root 11241100x8000000000000000532019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c599d039f1473a2021-12-21 11:28:03.945root 11241100x8000000000000000532020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefb83f9425190672021-12-21 11:28:03.945root 11241100x8000000000000000532021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f3264bf4cf2c52021-12-21 11:28:04.443root 11241100x8000000000000000532022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d703fbf06b10bbfa2021-12-21 11:28:04.443root 11241100x8000000000000000532023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717177ac25cc4a322021-12-21 11:28:04.443root 11241100x8000000000000000532024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65998f26c75051932021-12-21 11:28:04.443root 11241100x8000000000000000532025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da23602f9711af542021-12-21 11:28:04.443root 11241100x8000000000000000532026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d08ca3e4570b112021-12-21 11:28:04.443root 11241100x8000000000000000532027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea0f285f18f6a572021-12-21 11:28:04.443root 11241100x8000000000000000532028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b98f2ef6cd8bd412021-12-21 11:28:04.443root 11241100x8000000000000000532029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b15ab6ffab48e232021-12-21 11:28:04.443root 11241100x8000000000000000532030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14ff539cad3c14d2021-12-21 11:28:04.444root 11241100x8000000000000000532031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d6ba0beb8ac52c2021-12-21 11:28:04.444root 11241100x8000000000000000532032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c358b483a7e89042021-12-21 11:28:04.444root 11241100x8000000000000000532033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14442fea1a37c6e22021-12-21 11:28:04.444root 11241100x8000000000000000532034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f70f8bfb9fb8ef2021-12-21 11:28:04.444root 11241100x8000000000000000532035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36bb81cb408c6412021-12-21 11:28:04.444root 11241100x8000000000000000532036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a5698c2c2e497e2021-12-21 11:28:04.444root 11241100x8000000000000000532037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f402aec3bf25c32021-12-21 11:28:04.444root 11241100x8000000000000000532038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fd39c5110076852021-12-21 11:28:04.444root 11241100x8000000000000000532039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dcb5fbefc3fda72021-12-21 11:28:04.444root 11241100x8000000000000000532040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802093137fc3e2a52021-12-21 11:28:04.445root 11241100x8000000000000000532041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6351aca003aed02021-12-21 11:28:04.445root 11241100x8000000000000000532042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd05f70ea8f763f2021-12-21 11:28:04.943root 11241100x8000000000000000532043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056b28f1e810ba642021-12-21 11:28:04.943root 11241100x8000000000000000532044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef454e2c76302132021-12-21 11:28:04.943root 11241100x8000000000000000532045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5de6bc770242272021-12-21 11:28:04.943root 11241100x8000000000000000532046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08a94b2cf9c7af12021-12-21 11:28:04.943root 11241100x8000000000000000532047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d99180d743e2372021-12-21 11:28:04.944root 11241100x8000000000000000532048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638a19d7ce0dffcd2021-12-21 11:28:04.944root 11241100x8000000000000000532049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabba2161207098c2021-12-21 11:28:04.944root 11241100x8000000000000000532050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c53cd03c742b3662021-12-21 11:28:04.944root 11241100x8000000000000000532051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0381dd7d20ba557f2021-12-21 11:28:04.944root 11241100x8000000000000000532052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9a45700587292e2021-12-21 11:28:04.944root 11241100x8000000000000000532053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aef8ca8ff9c759d2021-12-21 11:28:04.944root 11241100x8000000000000000532054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5803f0089a5e94f02021-12-21 11:28:04.945root 11241100x8000000000000000532055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee5aac2d948531a2021-12-21 11:28:04.945root 11241100x8000000000000000532056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be82c05e68d9fbb22021-12-21 11:28:04.945root 11241100x8000000000000000532057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34772655de1abf02021-12-21 11:28:04.945root 11241100x8000000000000000532058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7fc55990f4fad42021-12-21 11:28:04.945root 11241100x8000000000000000532059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01e5ad965f38a8a2021-12-21 11:28:04.945root 11241100x8000000000000000532060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fbb4573c66acaf2021-12-21 11:28:04.945root 11241100x8000000000000000532061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e21d0f4d261b19b2021-12-21 11:28:04.945root 11241100x8000000000000000532062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c2b783a14ea71b2021-12-21 11:28:05.443root 11241100x8000000000000000532063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4c3f8ec6fc46f52021-12-21 11:28:05.443root 11241100x8000000000000000532064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867fcb1a0e4f2eda2021-12-21 11:28:05.443root 11241100x8000000000000000532065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b66b37f64a96b82021-12-21 11:28:05.444root 11241100x8000000000000000532066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69660c63327b30e52021-12-21 11:28:05.444root 11241100x8000000000000000532067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7161953ae0fd25f12021-12-21 11:28:05.444root 11241100x8000000000000000532068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c827f0c0150788492021-12-21 11:28:05.444root 11241100x8000000000000000532069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2ae5f4757b10f72021-12-21 11:28:05.444root 11241100x8000000000000000532070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d822614af31da7b2021-12-21 11:28:05.444root 11241100x8000000000000000532071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c00f066edc9c662021-12-21 11:28:05.444root 11241100x8000000000000000532072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45ebc499f230f202021-12-21 11:28:05.444root 11241100x8000000000000000532073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd6ed711a399dce2021-12-21 11:28:05.444root 11241100x8000000000000000532074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144d3cd4c952f8522021-12-21 11:28:05.445root 11241100x8000000000000000532075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e9ac26276f5bb42021-12-21 11:28:05.445root 11241100x8000000000000000532076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe53d833dc99598a2021-12-21 11:28:05.445root 11241100x8000000000000000532077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dbf85720f4db5f2021-12-21 11:28:05.445root 11241100x8000000000000000532078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2b64a525aab2242021-12-21 11:28:05.445root 11241100x8000000000000000532079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9419c30da1dd55df2021-12-21 11:28:05.445root 11241100x8000000000000000532080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bad2d3c277ba0f2021-12-21 11:28:05.445root 11241100x8000000000000000532081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ac6451bd8420192021-12-21 11:28:05.445root 11241100x8000000000000000532082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614ab708dc4d28622021-12-21 11:28:05.943root 11241100x8000000000000000532083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc3d44ca6990a3d2021-12-21 11:28:05.943root 11241100x8000000000000000532084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e5bd46d64c80f42021-12-21 11:28:05.943root 11241100x8000000000000000532085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e03545dabfb61b2021-12-21 11:28:05.943root 11241100x8000000000000000532086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4521551c3b8d0d232021-12-21 11:28:05.943root 11241100x8000000000000000532087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6935b80fc20231292021-12-21 11:28:05.943root 11241100x8000000000000000532088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c9c2ea967a37a92021-12-21 11:28:05.943root 11241100x8000000000000000532089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20f21253aaf4b1a2021-12-21 11:28:05.943root 11241100x8000000000000000532090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2096206bff570cc2021-12-21 11:28:05.944root 11241100x8000000000000000532091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87041ec9c373dd12021-12-21 11:28:05.944root 11241100x8000000000000000532092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9bd4873065fde12021-12-21 11:28:05.944root 11241100x8000000000000000532093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2211e0e8811e36712021-12-21 11:28:05.944root 11241100x8000000000000000532094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46499cc0f520d9d42021-12-21 11:28:05.944root 11241100x8000000000000000532095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be5a61b289039e12021-12-21 11:28:05.944root 11241100x8000000000000000532096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cac4a1c412b16f2021-12-21 11:28:05.944root 11241100x8000000000000000532097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65028a7b5bf23f022021-12-21 11:28:05.944root 11241100x8000000000000000532098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b341f222af29d302021-12-21 11:28:05.944root 11241100x8000000000000000532099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afa8f35e2ce18fb2021-12-21 11:28:05.944root 11241100x8000000000000000532100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8264c63cbbfff182021-12-21 11:28:05.944root 11241100x8000000000000000532101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b44e1ca76cec732021-12-21 11:28:05.944root 354300x8000000000000000532102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.057{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48580-false10.0.1.12-8000- 11241100x8000000000000000532103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:28:06.327root 11241100x8000000000000000532104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b354ca8f92acf32021-12-21 11:28:06.328root 11241100x8000000000000000532105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3aa5e5ffe350e22021-12-21 11:28:06.328root 11241100x8000000000000000532106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0c7e402bd5c8002021-12-21 11:28:06.328root 11241100x8000000000000000532107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d4994bfaa8d02a2021-12-21 11:28:06.328root 11241100x8000000000000000532108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69aa210a4c33dd82021-12-21 11:28:06.328root 11241100x8000000000000000532109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27a3e2f26d4e412021-12-21 11:28:06.328root 11241100x8000000000000000532110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907257bb938446e32021-12-21 11:28:06.328root 11241100x8000000000000000532111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b54b3992f4c99c32021-12-21 11:28:06.328root 11241100x8000000000000000532112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b0635a1f89f5d72021-12-21 11:28:06.328root 11241100x8000000000000000532113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0d39a4785989902021-12-21 11:28:06.328root 11241100x8000000000000000532114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122c9afb5775a8122021-12-21 11:28:06.329root 11241100x8000000000000000532115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a5b5cd9ad7c15b2021-12-21 11:28:06.329root 11241100x8000000000000000532116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14020e02794de70a2021-12-21 11:28:06.331root 11241100x8000000000000000532117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd39e0577b950462021-12-21 11:28:06.331root 11241100x8000000000000000532118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b64331b59948fd2021-12-21 11:28:06.332root 11241100x8000000000000000532119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c2acd7be54cf82021-12-21 11:28:06.332root 11241100x8000000000000000532120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eba314a8dfae80d2021-12-21 11:28:06.332root 11241100x8000000000000000532121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9c7df7ac0729232021-12-21 11:28:06.332root 11241100x8000000000000000532122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a581206736e2ba2021-12-21 11:28:06.332root 11241100x8000000000000000532123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b7041606390ed92021-12-21 11:28:06.332root 11241100x8000000000000000532124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac13ef11be568fdb2021-12-21 11:28:06.332root 11241100x8000000000000000532125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1048172343921a292021-12-21 11:28:06.332root 11241100x8000000000000000532126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e840298987afa2021-12-21 11:28:06.332root 11241100x8000000000000000532127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1f75741a134b492021-12-21 11:28:06.332root 11241100x8000000000000000532128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a360d86e67d48382021-12-21 11:28:06.332root 11241100x8000000000000000532129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8911547c5b2e8eaa2021-12-21 11:28:06.333root 11241100x8000000000000000532130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88512631791ef5d2021-12-21 11:28:06.333root 11241100x8000000000000000532131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573aa0bf3fa6986e2021-12-21 11:28:06.333root 11241100x8000000000000000532132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4d17a07169f6e02021-12-21 11:28:06.333root 11241100x8000000000000000532133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4053aca90defc22021-12-21 11:28:06.334root 11241100x8000000000000000532134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b6ecef537ee7352021-12-21 11:28:06.334root 11241100x8000000000000000532135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7fc8b717cd47432021-12-21 11:28:06.336root 11241100x8000000000000000532136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87da25c14705ae72021-12-21 11:28:06.336root 11241100x8000000000000000532137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4366a3f984607c292021-12-21 11:28:06.336root 11241100x8000000000000000532138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49659a27a8fb92d2021-12-21 11:28:06.336root 11241100x8000000000000000532139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cb657fb3ee39572021-12-21 11:28:06.336root 11241100x8000000000000000532140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d179672608d693b02021-12-21 11:28:06.336root 11241100x8000000000000000532141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeb7f156ee579fc2021-12-21 11:28:06.336root 11241100x8000000000000000532142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a79d448a9cb4a7e2021-12-21 11:28:06.337root 11241100x8000000000000000532143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90475fa524f0b8d2021-12-21 11:28:06.337root 11241100x8000000000000000532144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94222818d1355ba2021-12-21 11:28:06.337root 11241100x8000000000000000532145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f2c5f1e9b5ec4d2021-12-21 11:28:06.338root 11241100x8000000000000000532146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690365e8fc4c03c22021-12-21 11:28:06.338root 11241100x8000000000000000532147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69241861174bcd862021-12-21 11:28:06.338root 11241100x8000000000000000532148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41917d6d6d66d5b2021-12-21 11:28:06.338root 11241100x8000000000000000532149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3001006a20cd732021-12-21 11:28:06.338root 11241100x8000000000000000532150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41de5b8b92a8b532021-12-21 11:28:06.338root 11241100x8000000000000000532151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528af88809c3d7a32021-12-21 11:28:06.338root 11241100x8000000000000000532152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5297dbe974e11432021-12-21 11:28:06.338root 11241100x8000000000000000532153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e426fe60a02efd82021-12-21 11:28:06.339root 11241100x8000000000000000532154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1988cfdbddc69d2021-12-21 11:28:06.339root 11241100x8000000000000000532155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e505310c326852021-12-21 11:28:06.339root 11241100x8000000000000000532156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceda5ebe70e33f62021-12-21 11:28:06.339root 11241100x8000000000000000532157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aafdc6b12114252021-12-21 11:28:06.340root 11241100x8000000000000000532158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278cfa87c929144c2021-12-21 11:28:06.340root 11241100x8000000000000000532159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a1fb838c282ff52021-12-21 11:28:06.340root 11241100x8000000000000000532160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53fcc65be6c53ed2021-12-21 11:28:06.693root 11241100x8000000000000000532161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b919f3ac4885412021-12-21 11:28:06.693root 11241100x8000000000000000532162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae3dee1fee86c032021-12-21 11:28:06.693root 11241100x8000000000000000532163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48d864e83c4e4362021-12-21 11:28:06.694root 11241100x8000000000000000532164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e9bb8ce38474922021-12-21 11:28:06.694root 11241100x8000000000000000532165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6daa68f9e490dbde2021-12-21 11:28:06.694root 11241100x8000000000000000532166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b8362f9843c5442021-12-21 11:28:06.694root 11241100x8000000000000000532167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c284bb52ec4a73e2021-12-21 11:28:06.694root 11241100x8000000000000000532168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24de1810fb55fa62021-12-21 11:28:06.694root 11241100x8000000000000000532169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2397b2680826d81d2021-12-21 11:28:06.694root 11241100x8000000000000000532170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3b3d19c34913d42021-12-21 11:28:06.694root 11241100x8000000000000000532171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5487055c13fdc34b2021-12-21 11:28:06.695root 11241100x8000000000000000532172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e2dabdfb04d9822021-12-21 11:28:06.695root 11241100x8000000000000000532173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d31e07ce12aac12021-12-21 11:28:06.695root 11241100x8000000000000000532174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d8169318b37012021-12-21 11:28:06.695root 11241100x8000000000000000532175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2ea202d99fceb32021-12-21 11:28:06.695root 11241100x8000000000000000532176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064b2c53e58dc2c72021-12-21 11:28:06.695root 11241100x8000000000000000532177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52865ec11ee421262021-12-21 11:28:06.695root 11241100x8000000000000000532178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cd3cd6f91eb69e2021-12-21 11:28:06.695root 11241100x8000000000000000532179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ab64ea966ebd182021-12-21 11:28:06.695root 11241100x8000000000000000532180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3108527557c951fc2021-12-21 11:28:06.695root 11241100x8000000000000000532181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549865bb90675a252021-12-21 11:28:06.696root 11241100x8000000000000000532182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d4f53930f1aca52021-12-21 11:28:07.192root 11241100x8000000000000000532183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9436b507c219584d2021-12-21 11:28:07.193root 11241100x8000000000000000532184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2919b33c71a1a72021-12-21 11:28:07.193root 11241100x8000000000000000532185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fed65c7ed0e8ab02021-12-21 11:28:07.193root 11241100x8000000000000000532186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aed52bd0a2854e82021-12-21 11:28:07.193root 11241100x8000000000000000532187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a05de44adf79cdf2021-12-21 11:28:07.193root 11241100x8000000000000000532188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2c8e5945a832ea2021-12-21 11:28:07.193root 11241100x8000000000000000532189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41ac8c0da2d660c2021-12-21 11:28:07.193root 11241100x8000000000000000532190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78159ec2deaae5052021-12-21 11:28:07.193root 11241100x8000000000000000532191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2e7d2f13374e952021-12-21 11:28:07.194root 11241100x8000000000000000532192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742ed637c7caddc92021-12-21 11:28:07.194root 11241100x8000000000000000532193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6042ad5c53cbd12021-12-21 11:28:07.194root 11241100x8000000000000000532194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd11f6e003c938432021-12-21 11:28:07.194root 11241100x8000000000000000532195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b5611f4d1797fa2021-12-21 11:28:07.194root 11241100x8000000000000000532196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81489ad159b714d52021-12-21 11:28:07.194root 11241100x8000000000000000532197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc901edf7587f692021-12-21 11:28:07.194root 11241100x8000000000000000532198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0aea6c2190d1e82021-12-21 11:28:07.195root 11241100x8000000000000000532199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d848e43ddc9881e92021-12-21 11:28:07.195root 11241100x8000000000000000532200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948af4833c924f402021-12-21 11:28:07.195root 11241100x8000000000000000532201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f2c1c7ad3243cc2021-12-21 11:28:07.195root 11241100x8000000000000000532202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690db027dacacc242021-12-21 11:28:07.195root 11241100x8000000000000000532203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc2a8797bcfb9042021-12-21 11:28:07.195root 11241100x8000000000000000532204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282d687137da3dfa2021-12-21 11:28:07.196root 11241100x8000000000000000532205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485fdabac279f4c2021-12-21 11:28:07.196root 11241100x8000000000000000532206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27737cae94553eff2021-12-21 11:28:07.196root 11241100x8000000000000000532207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c9b7b85d1237762021-12-21 11:28:07.196root 11241100x8000000000000000532208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d97ad116c76dfed2021-12-21 11:28:07.693root 11241100x8000000000000000532209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636b728474c091e12021-12-21 11:28:07.693root 11241100x8000000000000000532210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831d3a99eedec6cf2021-12-21 11:28:07.693root 11241100x8000000000000000532211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1112531f3b9cc41b2021-12-21 11:28:07.693root 11241100x8000000000000000532212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e860ba36166e282021-12-21 11:28:07.693root 11241100x8000000000000000532213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020ba6075169a6572021-12-21 11:28:07.693root 11241100x8000000000000000532214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b59e5314d3da3b2021-12-21 11:28:07.693root 11241100x8000000000000000532215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd7a3c3f8dfaa3b2021-12-21 11:28:07.693root 11241100x8000000000000000532216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7156647b4bef492021-12-21 11:28:07.693root 11241100x8000000000000000532217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32aa47ca30f25332021-12-21 11:28:07.693root 11241100x8000000000000000532218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f9cd5625248dcc2021-12-21 11:28:07.694root 11241100x8000000000000000532219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bd78202143b4722021-12-21 11:28:07.694root 11241100x8000000000000000532220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b03bdb7ed3c95b2021-12-21 11:28:07.694root 11241100x8000000000000000532221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a63e3b642d0a192021-12-21 11:28:07.694root 11241100x8000000000000000532222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8390909aafadc6262021-12-21 11:28:07.694root 11241100x8000000000000000532223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278d9751ec99e4712021-12-21 11:28:07.694root 11241100x8000000000000000532224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df1ff4f0a428b732021-12-21 11:28:07.694root 11241100x8000000000000000532225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d385b0bc01fee62021-12-21 11:28:07.694root 11241100x8000000000000000532226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ffeaaea1bda8ee2021-12-21 11:28:07.694root 11241100x8000000000000000532227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eb19f9b4852faf2021-12-21 11:28:07.694root 11241100x8000000000000000532228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226bd33df51e48982021-12-21 11:28:07.694root 11241100x8000000000000000532229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2542b174a7e4fa2021-12-21 11:28:07.694root 11241100x8000000000000000532230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccd525d8ad74fc32021-12-21 11:28:07.695root 11241100x8000000000000000532231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271626421876d3942021-12-21 11:28:07.695root 11241100x8000000000000000532232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6948f2577897202021-12-21 11:28:07.695root 11241100x8000000000000000532233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7b5d0aa823bc842021-12-21 11:28:07.695root 11241100x8000000000000000532234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc39e629da9b35922021-12-21 11:28:07.695root 11241100x8000000000000000532235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9910edac7e8cdd022021-12-21 11:28:07.695root 11241100x8000000000000000532236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac38863391b90be2021-12-21 11:28:07.695root 11241100x8000000000000000532237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56cba0a4ef088d12021-12-21 11:28:07.695root 11241100x8000000000000000532238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5afa00514df6f3f2021-12-21 11:28:07.696root 11241100x8000000000000000532239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05db19c58b086db82021-12-21 11:28:07.696root 11241100x8000000000000000532240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296771b7be6672382021-12-21 11:28:07.696root 11241100x8000000000000000532241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6c26bc4af5514a2021-12-21 11:28:07.696root 11241100x8000000000000000532242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61b193db15719642021-12-21 11:28:08.193root 11241100x8000000000000000532243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9dbe9aa0e0519a2021-12-21 11:28:08.193root 11241100x8000000000000000532244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1523e9c27f080e912021-12-21 11:28:08.193root 11241100x8000000000000000532245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02020bbcec408022021-12-21 11:28:08.193root 11241100x8000000000000000532246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd68c06f51f249892021-12-21 11:28:08.193root 11241100x8000000000000000532247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5336d23416ff04642021-12-21 11:28:08.193root 11241100x8000000000000000532248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d19552b5c5e56fb2021-12-21 11:28:08.193root 11241100x8000000000000000532249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67cc8a85dfbccf72021-12-21 11:28:08.193root 11241100x8000000000000000532250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b785682f710baae62021-12-21 11:28:08.193root 11241100x8000000000000000532251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aff2850b93164e2021-12-21 11:28:08.193root 11241100x8000000000000000532252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faee8d5764750c8c2021-12-21 11:28:08.193root 11241100x8000000000000000532253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a49ca6dab2af6e2021-12-21 11:28:08.194root 11241100x8000000000000000532254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22b841485d3740b2021-12-21 11:28:08.194root 11241100x8000000000000000532255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61f38b4f2360c902021-12-21 11:28:08.194root 11241100x8000000000000000532256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0013b9d52cf78ce2021-12-21 11:28:08.194root 11241100x8000000000000000532257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea61fdadd24c839f2021-12-21 11:28:08.194root 11241100x8000000000000000532258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dd365cbcdb99eb2021-12-21 11:28:08.194root 11241100x8000000000000000532259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a9a6b75536119b2021-12-21 11:28:08.194root 11241100x8000000000000000532260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b6eb6c62e126092021-12-21 11:28:08.194root 11241100x8000000000000000532261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e97ead0861e78ab2021-12-21 11:28:08.195root 11241100x8000000000000000532262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1953af5eaa4441752021-12-21 11:28:08.195root 11241100x8000000000000000532263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0ff1c4e18f40852021-12-21 11:28:08.195root 11241100x8000000000000000532264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d666360d30f7aa2021-12-21 11:28:08.195root 11241100x8000000000000000532265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac3253b4803888a2021-12-21 11:28:08.693root 11241100x8000000000000000532266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7dc596a7eb0d342021-12-21 11:28:08.693root 11241100x8000000000000000532267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe684cf0b1ebadb92021-12-21 11:28:08.694root 11241100x8000000000000000532268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd31c34806d74a82021-12-21 11:28:08.694root 11241100x8000000000000000532269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d3c27547434d382021-12-21 11:28:08.694root 11241100x8000000000000000532270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78780214429cecc12021-12-21 11:28:08.694root 11241100x8000000000000000532271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef12ce7d46e877f82021-12-21 11:28:08.694root 11241100x8000000000000000532272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e83a8b373821902021-12-21 11:28:08.694root 11241100x8000000000000000532273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4154845debaff512021-12-21 11:28:08.694root 11241100x8000000000000000532274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022535249b82f8eb2021-12-21 11:28:08.694root 11241100x8000000000000000532275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da74083b5682dbf42021-12-21 11:28:08.694root 11241100x8000000000000000532276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38168f92313abc2021-12-21 11:28:08.694root 11241100x8000000000000000532277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cb5456d808ac622021-12-21 11:28:08.694root 11241100x8000000000000000532278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c965af65bab0112021-12-21 11:28:08.695root 11241100x8000000000000000532279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac5e1443154e4982021-12-21 11:28:08.695root 11241100x8000000000000000532280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1970bf1224f86d2021-12-21 11:28:08.695root 11241100x8000000000000000532281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34be7b416858f9042021-12-21 11:28:08.695root 11241100x8000000000000000532282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca3e7c91e8b719e2021-12-21 11:28:08.695root 11241100x8000000000000000532283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01945a9b03d9c5552021-12-21 11:28:08.695root 11241100x8000000000000000532284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2d6df6ec404ae12021-12-21 11:28:08.695root 11241100x8000000000000000532285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9643fe68c0a0b232021-12-21 11:28:08.695root 11241100x8000000000000000532286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27132da9db222bec2021-12-21 11:28:08.695root 11241100x8000000000000000532287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e2f89ca778ea7f2021-12-21 11:28:09.193root 11241100x8000000000000000532288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4e1027c0922a282021-12-21 11:28:09.193root 11241100x8000000000000000532289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80548e43b7134d8e2021-12-21 11:28:09.193root 11241100x8000000000000000532290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85fa5d0d8ab05122021-12-21 11:28:09.193root 11241100x8000000000000000532291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de94dbe9252fc702021-12-21 11:28:09.193root 11241100x8000000000000000532292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b667b209f73966d2021-12-21 11:28:09.193root 11241100x8000000000000000532293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3336a1be51addb062021-12-21 11:28:09.194root 11241100x8000000000000000532294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6037e70d6136b27c2021-12-21 11:28:09.194root 11241100x8000000000000000532295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039b7ad56509f2792021-12-21 11:28:09.194root 11241100x8000000000000000532296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ac30c5070987cc2021-12-21 11:28:09.194root 11241100x8000000000000000532297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f947c2529ef8eb42021-12-21 11:28:09.194root 11241100x8000000000000000532298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00efdf50593f383c2021-12-21 11:28:09.194root 11241100x8000000000000000532299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491f548287b1cca32021-12-21 11:28:09.194root 11241100x8000000000000000532300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6303c7c7259e802021-12-21 11:28:09.194root 11241100x8000000000000000532301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de527e1b61cde7072021-12-21 11:28:09.194root 11241100x8000000000000000532302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d92a84816dcc8c2021-12-21 11:28:09.194root 11241100x8000000000000000532303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ee3510569da47d2021-12-21 11:28:09.195root 11241100x8000000000000000532304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3948acee419b33032021-12-21 11:28:09.195root 11241100x8000000000000000532305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363723d2665a6a1e2021-12-21 11:28:09.195root 11241100x8000000000000000532306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911e525605c7f00e2021-12-21 11:28:09.195root 11241100x8000000000000000532307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb830037e3fc7c542021-12-21 11:28:09.195root 11241100x8000000000000000532308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847546513b6190832021-12-21 11:28:09.195root 23542300x8000000000000000532309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000532310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7084535b58b3122021-12-21 11:28:09.693root 11241100x8000000000000000532311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5133faf833fc8b2021-12-21 11:28:09.693root 11241100x8000000000000000532312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9ec37d6ee715a2021-12-21 11:28:09.693root 11241100x8000000000000000532313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1947951fb3a2399b2021-12-21 11:28:09.693root 11241100x8000000000000000532314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920560f8ab8ab1a12021-12-21 11:28:09.693root 11241100x8000000000000000532315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7a5f0bb1ba97ae2021-12-21 11:28:09.693root 11241100x8000000000000000532316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e1ee0cc791cee62021-12-21 11:28:09.693root 11241100x8000000000000000532317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5f95edc669c6612021-12-21 11:28:09.693root 11241100x8000000000000000532318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0524772861c0ee932021-12-21 11:28:09.693root 11241100x8000000000000000532319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82533182cc9f09542021-12-21 11:28:09.693root 11241100x8000000000000000532320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a9cfc8cc72f87b2021-12-21 11:28:09.693root 11241100x8000000000000000532321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df38b138ac226a952021-12-21 11:28:09.693root 11241100x8000000000000000532322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1913ed343020d5cd2021-12-21 11:28:09.694root 11241100x8000000000000000532323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163da66941a375ff2021-12-21 11:28:09.694root 11241100x8000000000000000532324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eda0efc25ef0542021-12-21 11:28:09.694root 11241100x8000000000000000532325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380a7b5cf3fe913b2021-12-21 11:28:09.694root 11241100x8000000000000000532326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45efca0b89c707502021-12-21 11:28:09.694root 11241100x8000000000000000532327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63a95a388661f162021-12-21 11:28:09.694root 11241100x8000000000000000532328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f2f0ce9b38e27d2021-12-21 11:28:09.694root 11241100x8000000000000000532329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d0eac805b035f02021-12-21 11:28:09.694root 11241100x8000000000000000532330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ef51fc7c145bb52021-12-21 11:28:09.694root 11241100x8000000000000000532331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace2487f659d5d5d2021-12-21 11:28:09.694root 11241100x8000000000000000532332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603c1af6a72227f72021-12-21 11:28:09.694root 11241100x8000000000000000532333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ab89beb8e0666d2021-12-21 11:28:09.694root 11241100x8000000000000000532334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00556eb9fdbeba1e2021-12-21 11:28:09.694root 11241100x8000000000000000532335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed47ab5ab5184022021-12-21 11:28:09.695root 11241100x8000000000000000532336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc76b96054e20d42021-12-21 11:28:09.695root 11241100x8000000000000000532337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1624db85019230782021-12-21 11:28:09.695root 11241100x8000000000000000532338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1dcc383568d5a22021-12-21 11:28:09.695root 11241100x8000000000000000532339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d93299d92056ac2021-12-21 11:28:10.193root 11241100x8000000000000000532340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434dda0da8950d612021-12-21 11:28:10.193root 11241100x8000000000000000532341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730e9d4481cf1b0a2021-12-21 11:28:10.193root 11241100x8000000000000000532342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ec24745e6ec7b82021-12-21 11:28:10.193root 11241100x8000000000000000532343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b41cdfc18f269802021-12-21 11:28:10.193root 11241100x8000000000000000532344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5784f45844bdda62021-12-21 11:28:10.193root 11241100x8000000000000000532345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3add2677f22980232021-12-21 11:28:10.193root 11241100x8000000000000000532346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d9864512eb4e742021-12-21 11:28:10.193root 11241100x8000000000000000532347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaef52e3c11bbe9d2021-12-21 11:28:10.193root 11241100x8000000000000000532348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6276d0f64b90822021-12-21 11:28:10.193root 11241100x8000000000000000532349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22996231c14b21912021-12-21 11:28:10.193root 11241100x8000000000000000532350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2137bda3fad53b2021-12-21 11:28:10.194root 11241100x8000000000000000532351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f7c71e0b9cc5302021-12-21 11:28:10.194root 11241100x8000000000000000532352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11754f8d092958242021-12-21 11:28:10.194root 11241100x8000000000000000532353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459a20b5d5aa4fbb2021-12-21 11:28:10.194root 11241100x8000000000000000532354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb38f65116d91b82021-12-21 11:28:10.194root 11241100x8000000000000000532355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357fe96d1499bd0b2021-12-21 11:28:10.194root 11241100x8000000000000000532356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38f41c1e135d9092021-12-21 11:28:10.194root 11241100x8000000000000000532357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253768c694a1d23a2021-12-21 11:28:10.194root 11241100x8000000000000000532358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722424972509e7672021-12-21 11:28:10.194root 11241100x8000000000000000532359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e43afd2db049b62021-12-21 11:28:10.194root 11241100x8000000000000000532360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51862fb88bab559a2021-12-21 11:28:10.194root 11241100x8000000000000000532361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca644bc514521eea2021-12-21 11:28:10.194root 11241100x8000000000000000532362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60cd24f57704fc42021-12-21 11:28:10.194root 11241100x8000000000000000532363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0d821bfc5d829c2021-12-21 11:28:10.194root 11241100x8000000000000000532364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b55e4917cdd962021-12-21 11:28:10.693root 11241100x8000000000000000532365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1185ac3d3864f642021-12-21 11:28:10.693root 11241100x8000000000000000532366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6cbfca6c3fd87e2021-12-21 11:28:10.693root 11241100x8000000000000000532367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9367b928b75e29422021-12-21 11:28:10.693root 11241100x8000000000000000532368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25465ee90d94b462021-12-21 11:28:10.694root 11241100x8000000000000000532369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553fe55e47b109c12021-12-21 11:28:10.694root 11241100x8000000000000000532370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638c7005ed623472021-12-21 11:28:10.694root 11241100x8000000000000000532371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f37c3495d941cb2021-12-21 11:28:10.694root 11241100x8000000000000000532372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df0297def5a22372021-12-21 11:28:10.694root 11241100x8000000000000000532373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac49065599bf1c22021-12-21 11:28:10.694root 11241100x8000000000000000532374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea8e108a68f06242021-12-21 11:28:10.694root 11241100x8000000000000000532375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e747bdc036cf02021-12-21 11:28:10.694root 11241100x8000000000000000532376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2e899474d2844d2021-12-21 11:28:10.694root 11241100x8000000000000000532377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78e7230c531af02021-12-21 11:28:10.694root 11241100x8000000000000000532378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd3a731175961352021-12-21 11:28:10.694root 11241100x8000000000000000532379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf3ddbc37aad8d62021-12-21 11:28:10.694root 11241100x8000000000000000532380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6a5e6f1cbd8c232021-12-21 11:28:10.694root 11241100x8000000000000000532381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd5e2a32787790a2021-12-21 11:28:10.694root 11241100x8000000000000000532382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5436fc59849cb7b2021-12-21 11:28:10.694root 11241100x8000000000000000532383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64eedd92e95de7e12021-12-21 11:28:10.695root 11241100x8000000000000000532384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f39b2e42a4387802021-12-21 11:28:10.695root 11241100x8000000000000000532385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cde38d9c33392ac2021-12-21 11:28:10.695root 11241100x8000000000000000532386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5247b5816c2efb2021-12-21 11:28:10.695root 354300x8000000000000000532387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.107{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48582-false10.0.1.12-8000- 11241100x8000000000000000532388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c069b166bddfdc42021-12-21 11:28:11.108root 11241100x8000000000000000532389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278b5de35a6a79ec2021-12-21 11:28:11.108root 11241100x8000000000000000532390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547fcd1c5143d5752021-12-21 11:28:11.108root 11241100x8000000000000000532391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ffea0487b1891f2021-12-21 11:28:11.108root 11241100x8000000000000000532392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cb6b5358c892332021-12-21 11:28:11.108root 11241100x8000000000000000532393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7babd8c83bcef5472021-12-21 11:28:11.108root 11241100x8000000000000000532394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279a7079b847caed2021-12-21 11:28:11.108root 11241100x8000000000000000532395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.108{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269a83996b4e5c1b2021-12-21 11:28:11.108root 11241100x8000000000000000532396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d252af0db908b512021-12-21 11:28:11.109root 11241100x8000000000000000532397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66f64cb5c72c0742021-12-21 11:28:11.109root 11241100x8000000000000000532398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77474989d56c2fe42021-12-21 11:28:11.109root 11241100x8000000000000000532399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f4198d420719362021-12-21 11:28:11.109root 11241100x8000000000000000532400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27d55f64f55fa072021-12-21 11:28:11.109root 11241100x8000000000000000532401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7148590977d3d32021-12-21 11:28:11.109root 11241100x8000000000000000532402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21184f0ef60870652021-12-21 11:28:11.109root 11241100x8000000000000000532403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806952be14fefd672021-12-21 11:28:11.109root 11241100x8000000000000000532404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b757ffe7161e85be2021-12-21 11:28:11.109root 11241100x8000000000000000532405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9663e3672a3cf5a2021-12-21 11:28:11.109root 11241100x8000000000000000532406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79773bf318eaf0452021-12-21 11:28:11.109root 11241100x8000000000000000532407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08929837c562ae3f2021-12-21 11:28:11.109root 11241100x8000000000000000532408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ad30eede2b3db2021-12-21 11:28:11.110root 11241100x8000000000000000532409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dedaa2303dee0152021-12-21 11:28:11.110root 11241100x8000000000000000532410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230f612727562e952021-12-21 11:28:11.110root 11241100x8000000000000000532411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1028271711a506d32021-12-21 11:28:11.110root 11241100x8000000000000000532412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc19cb331442fdfe2021-12-21 11:28:11.110root 11241100x8000000000000000532413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc106ff70a3b68f2021-12-21 11:28:11.110root 11241100x8000000000000000532414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8e8c4f4940fd4c2021-12-21 11:28:11.110root 11241100x8000000000000000532415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e49a7ae5ec102a2021-12-21 11:28:11.110root 11241100x8000000000000000532416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49516fe683588c462021-12-21 11:28:11.110root 11241100x8000000000000000532417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdd36df16b6b4542021-12-21 11:28:11.110root 11241100x8000000000000000532418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f790743da2a02ef2021-12-21 11:28:11.110root 11241100x8000000000000000532419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8700d751caaadd2021-12-21 11:28:11.110root 11241100x8000000000000000532420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262d6ccdaaed1c392021-12-21 11:28:11.111root 11241100x8000000000000000532421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff74682d8e5e8c62021-12-21 11:28:11.111root 11241100x8000000000000000532422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d9fd9092cff3bf2021-12-21 11:28:11.111root 11241100x8000000000000000532423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e88de0ce9ba59b2021-12-21 11:28:11.111root 11241100x8000000000000000532424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993bc138c52405172021-12-21 11:28:11.111root 11241100x8000000000000000532425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a3bf80e784a01f2021-12-21 11:28:11.443root 11241100x8000000000000000532426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091da7dcf2c127ca2021-12-21 11:28:11.443root 11241100x8000000000000000532427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b930fa81d3d672021-12-21 11:28:11.443root 11241100x8000000000000000532428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b96d65a3c9a5c2e2021-12-21 11:28:11.443root 11241100x8000000000000000532429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d3685dc0e563e82021-12-21 11:28:11.444root 11241100x8000000000000000532430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfc078e48d7878b2021-12-21 11:28:11.444root 11241100x8000000000000000532431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522fc24ced6a0b6c2021-12-21 11:28:11.444root 11241100x8000000000000000532432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a083d825adc7f902021-12-21 11:28:11.444root 11241100x8000000000000000532433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988574729451e09a2021-12-21 11:28:11.444root 11241100x8000000000000000532434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f522ca5d7ee7442021-12-21 11:28:11.444root 11241100x8000000000000000532435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573e13ffd5f465f12021-12-21 11:28:11.444root 11241100x8000000000000000532436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d67a592676a6342021-12-21 11:28:11.444root 11241100x8000000000000000532437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc34f33f09c3d28e2021-12-21 11:28:11.444root 11241100x8000000000000000532438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb3c4ac0632203e2021-12-21 11:28:11.444root 11241100x8000000000000000532439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423a9f5e432c90962021-12-21 11:28:11.444root 11241100x8000000000000000532440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa95cce1d0458632021-12-21 11:28:11.445root 11241100x8000000000000000532441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9416d926e6e9932021-12-21 11:28:11.445root 11241100x8000000000000000532442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db7cf9d3d16969e2021-12-21 11:28:11.445root 11241100x8000000000000000532443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87877f780aabcf1b2021-12-21 11:28:11.445root 11241100x8000000000000000532444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee71cfc7a9c1f3e2021-12-21 11:28:11.445root 11241100x8000000000000000532445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b5a89a287e742b2021-12-21 11:28:11.445root 11241100x8000000000000000532446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2595904b01c657fa2021-12-21 11:28:11.445root 11241100x8000000000000000532447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a93d30991003702021-12-21 11:28:11.446root 11241100x8000000000000000532448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbb1e18de7876532021-12-21 11:28:11.446root 11241100x8000000000000000532449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458671795e8910262021-12-21 11:28:11.943root 11241100x8000000000000000532450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf5f1f34a9a1d102021-12-21 11:28:11.943root 11241100x8000000000000000532451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691917659e22843b2021-12-21 11:28:11.944root 11241100x8000000000000000532452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61da688197f9e10b2021-12-21 11:28:11.944root 11241100x8000000000000000532453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9732ec806064ab42021-12-21 11:28:11.944root 11241100x8000000000000000532454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac22bd1ddb266c52021-12-21 11:28:11.944root 11241100x8000000000000000532455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1947821a37cab8532021-12-21 11:28:11.944root 11241100x8000000000000000532456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed191d0288b73c52021-12-21 11:28:11.944root 11241100x8000000000000000532457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c72f3f5d5d00262021-12-21 11:28:11.945root 11241100x8000000000000000532458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a467f825280c00082021-12-21 11:28:11.945root 11241100x8000000000000000532459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41449a4031839d02021-12-21 11:28:11.945root 11241100x8000000000000000532460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404606e447a6f0b62021-12-21 11:28:11.945root 11241100x8000000000000000532461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9faf40fb06c9cbca2021-12-21 11:28:11.945root 11241100x8000000000000000532462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e993db4a187249d2021-12-21 11:28:11.945root 11241100x8000000000000000532463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4a9f308711f5f22021-12-21 11:28:11.946root 11241100x8000000000000000532464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abfb7eadb959d402021-12-21 11:28:11.946root 11241100x8000000000000000532465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7faac69872f3a5e2021-12-21 11:28:11.946root 11241100x8000000000000000532466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b0281f16f21a322021-12-21 11:28:11.946root 11241100x8000000000000000532467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259c22ddf99841942021-12-21 11:28:11.946root 11241100x8000000000000000532468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27fd4c1953e4f8c2021-12-21 11:28:11.946root 11241100x8000000000000000532469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4151e7a451b0fd2021-12-21 11:28:11.946root 11241100x8000000000000000532470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b751fc5c25cd22021-12-21 11:28:11.947root 11241100x8000000000000000532471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192bdc28966778292021-12-21 11:28:11.947root 11241100x8000000000000000532472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fefa0652f985f92021-12-21 11:28:11.947root 11241100x8000000000000000532473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bff98426da88832021-12-21 11:28:12.443root 11241100x8000000000000000532474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d728cc42ae18ebc2021-12-21 11:28:12.443root 11241100x8000000000000000532475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ac10f1f29bef902021-12-21 11:28:12.443root 11241100x8000000000000000532476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f9ac9bea3bac442021-12-21 11:28:12.443root 11241100x8000000000000000532477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274f89e79dbb8dfb2021-12-21 11:28:12.443root 11241100x8000000000000000532478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2045ea77e70913d02021-12-21 11:28:12.443root 11241100x8000000000000000532479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ad0ace7da2fc9c2021-12-21 11:28:12.444root 11241100x8000000000000000532480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45c21cd7d3b57792021-12-21 11:28:12.444root 11241100x8000000000000000532481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc358e55f0e86742021-12-21 11:28:12.444root 11241100x8000000000000000532482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb489999b3e248e52021-12-21 11:28:12.444root 11241100x8000000000000000532483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfd429c3b7e498e2021-12-21 11:28:12.444root 11241100x8000000000000000532484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030b27a5ece36db02021-12-21 11:28:12.444root 11241100x8000000000000000532485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1818549648e7f7a32021-12-21 11:28:12.444root 11241100x8000000000000000532486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c90767fb16ff812021-12-21 11:28:12.444root 11241100x8000000000000000532487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5175d5286cdc462a2021-12-21 11:28:12.444root 11241100x8000000000000000532488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bb3690f95106982021-12-21 11:28:12.444root 11241100x8000000000000000532489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4551ef69b68743732021-12-21 11:28:12.445root 11241100x8000000000000000532490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77eb3a54939418f2021-12-21 11:28:12.445root 11241100x8000000000000000532491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc91951cc4dc789b2021-12-21 11:28:12.445root 11241100x8000000000000000532492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe735f667ff6c212021-12-21 11:28:12.445root 11241100x8000000000000000532493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827a1292439792482021-12-21 11:28:12.445root 11241100x8000000000000000532494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6162bbe65c75d0a2021-12-21 11:28:12.445root 11241100x8000000000000000532495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1232e938e5c913e62021-12-21 11:28:12.446root 11241100x8000000000000000532496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa9b3d24b64b422021-12-21 11:28:12.446root 11241100x8000000000000000532497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dda7693f886b8762021-12-21 11:28:12.943root 11241100x8000000000000000532498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af03b8d64dbf23b2021-12-21 11:28:12.943root 11241100x8000000000000000532499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcdac8c6c34a6e52021-12-21 11:28:12.943root 11241100x8000000000000000532500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c7ae09b02a49ee2021-12-21 11:28:12.944root 11241100x8000000000000000532501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe46c1a38bbfe49b2021-12-21 11:28:12.944root 11241100x8000000000000000532502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca4bb55555dfdbb2021-12-21 11:28:12.944root 11241100x8000000000000000532503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c545157e8c6db22021-12-21 11:28:12.944root 11241100x8000000000000000532504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0dc48e7016d08e2021-12-21 11:28:12.944root 11241100x8000000000000000532505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ba9d719528fb382021-12-21 11:28:12.944root 11241100x8000000000000000532506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d085ba5ca4bf99a32021-12-21 11:28:12.944root 11241100x8000000000000000532507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414332905182a7222021-12-21 11:28:12.944root 11241100x8000000000000000532508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01575889848b78df2021-12-21 11:28:12.944root 11241100x8000000000000000532509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dffaebfeb143d2b2021-12-21 11:28:12.944root 11241100x8000000000000000532510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a32ce98d5113f22021-12-21 11:28:12.944root 11241100x8000000000000000532511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f38c7703e6b92ff2021-12-21 11:28:12.945root 11241100x8000000000000000532512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c0697f44a620492021-12-21 11:28:12.945root 11241100x8000000000000000532513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ac518c26838b2c2021-12-21 11:28:12.945root 11241100x8000000000000000532514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0bc2b461c7dd332021-12-21 11:28:12.945root 11241100x8000000000000000532515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f83e43f0bd6cec2021-12-21 11:28:12.945root 11241100x8000000000000000532516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3de7236c1dd1702021-12-21 11:28:12.945root 11241100x8000000000000000532517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d791c4723e9a63e2021-12-21 11:28:12.945root 11241100x8000000000000000532518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298858fadd3c1a542021-12-21 11:28:12.945root 11241100x8000000000000000532519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30b5f64695d6a9c2021-12-21 11:28:12.945root 11241100x8000000000000000532520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7b3938d59f99482021-12-21 11:28:12.945root 11241100x8000000000000000532521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eca738449069f82021-12-21 11:28:13.443root 11241100x8000000000000000532522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c41f2c41db026a2021-12-21 11:28:13.443root 11241100x8000000000000000532523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8593660f07688dc72021-12-21 11:28:13.443root 11241100x8000000000000000532524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458cbc6fd49175da2021-12-21 11:28:13.443root 11241100x8000000000000000532525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5d0cf000145c672021-12-21 11:28:13.443root 11241100x8000000000000000532526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad0e0c19d538b6a2021-12-21 11:28:13.443root 11241100x8000000000000000532527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef8d523cd0b39a2021-12-21 11:28:13.444root 11241100x8000000000000000532528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec20abf24cd6a9f2021-12-21 11:28:13.444root 11241100x8000000000000000532529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43746661012217c82021-12-21 11:28:13.444root 11241100x8000000000000000532530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0883f8c72a849512021-12-21 11:28:13.444root 11241100x8000000000000000532531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816bd248479890aa2021-12-21 11:28:13.444root 11241100x8000000000000000532532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b99e53cfcea9842021-12-21 11:28:13.444root 11241100x8000000000000000532533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abc48550c605d462021-12-21 11:28:13.444root 11241100x8000000000000000532534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf604ae5106b28f92021-12-21 11:28:13.444root 11241100x8000000000000000532535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95eb38640aafadb2021-12-21 11:28:13.444root 11241100x8000000000000000532536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faed280a88a954ad2021-12-21 11:28:13.445root 11241100x8000000000000000532537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc7e730542af0a82021-12-21 11:28:13.445root 11241100x8000000000000000532538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e090efb13930c2021-12-21 11:28:13.445root 11241100x8000000000000000532539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acc62e53762f0f52021-12-21 11:28:13.445root 11241100x8000000000000000532540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acaad3691c2d7cc2021-12-21 11:28:13.445root 11241100x8000000000000000532541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1aaf6fe2f0907b2021-12-21 11:28:13.445root 11241100x8000000000000000532542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0527fa9f380408ce2021-12-21 11:28:13.445root 11241100x8000000000000000532543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c93b26e41f483812021-12-21 11:28:13.445root 11241100x8000000000000000532544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28aee9b132d713f2021-12-21 11:28:13.445root 11241100x8000000000000000532545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4594d762fd6cfd62021-12-21 11:28:13.446root 11241100x8000000000000000532546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ded9acb50ac4382021-12-21 11:28:13.446root 11241100x8000000000000000532547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4641b43b6e1fd22021-12-21 11:28:13.446root 11241100x8000000000000000532548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83518c3870636dbe2021-12-21 11:28:13.446root 11241100x8000000000000000532549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b88b2a04d8ee142021-12-21 11:28:13.943root 11241100x8000000000000000532550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fd98eb7d48f38d2021-12-21 11:28:13.943root 11241100x8000000000000000532551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae3d0941d166fcf2021-12-21 11:28:13.943root 11241100x8000000000000000532552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a0a37a17e0965c2021-12-21 11:28:13.943root 11241100x8000000000000000532553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d338bf9cb5e87e02021-12-21 11:28:13.943root 11241100x8000000000000000532554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4854a39223008c0a2021-12-21 11:28:13.944root 11241100x8000000000000000532555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1240e5895059d7d72021-12-21 11:28:13.944root 11241100x8000000000000000532556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addbe26248be3efa2021-12-21 11:28:13.944root 11241100x8000000000000000532557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeef3278c662f2f2021-12-21 11:28:13.944root 11241100x8000000000000000532558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15d099e7c3a6b512021-12-21 11:28:13.944root 11241100x8000000000000000532559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb0e421068b4c6f2021-12-21 11:28:13.944root 11241100x8000000000000000532560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcab54060df8cea2021-12-21 11:28:13.944root 11241100x8000000000000000532561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22f87328db44f172021-12-21 11:28:13.944root 11241100x8000000000000000532562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de257a41df68bfc92021-12-21 11:28:13.944root 11241100x8000000000000000532563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1ec5223ac135862021-12-21 11:28:13.944root 11241100x8000000000000000532564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8f989610393c842021-12-21 11:28:13.944root 11241100x8000000000000000532565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dd56edb0b7bf3f2021-12-21 11:28:13.944root 11241100x8000000000000000532566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7385be9a19932172021-12-21 11:28:13.944root 11241100x8000000000000000532567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927c24e638b3cf932021-12-21 11:28:13.944root 11241100x8000000000000000532568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9dbe5e0267f7ea2021-12-21 11:28:13.944root 11241100x8000000000000000532569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2745b1b27a93ed352021-12-21 11:28:13.945root 11241100x8000000000000000532570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ed7fa14d9a27c22021-12-21 11:28:13.945root 11241100x8000000000000000532571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccfe2b75b39d8972021-12-21 11:28:13.945root 11241100x8000000000000000532572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ceec4cdc617bb92021-12-21 11:28:13.945root 11241100x8000000000000000532573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935b8594eb665c7f2021-12-21 11:28:14.443root 11241100x8000000000000000532574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3525b5f4a5a94602021-12-21 11:28:14.443root 11241100x8000000000000000532575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff7ff0cb927831a2021-12-21 11:28:14.443root 11241100x8000000000000000532576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdbbb1330c05d022021-12-21 11:28:14.444root 11241100x8000000000000000532577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7565bc049a74605b2021-12-21 11:28:14.444root 11241100x8000000000000000532578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29d6ac2109d700e2021-12-21 11:28:14.444root 11241100x8000000000000000532579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab56428e4961cd182021-12-21 11:28:14.444root 11241100x8000000000000000532580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316b06fd8e1418f52021-12-21 11:28:14.444root 11241100x8000000000000000532581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5715ed290e2759512021-12-21 11:28:14.444root 11241100x8000000000000000532582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff18dd7399fffc2021-12-21 11:28:14.444root 11241100x8000000000000000532583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e5374f26ee8e8c2021-12-21 11:28:14.444root 11241100x8000000000000000532584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fbfea82057edee2021-12-21 11:28:14.445root 11241100x8000000000000000532585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff41ddb80d0165e2021-12-21 11:28:14.445root 11241100x8000000000000000532586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826e7d88a99666cc2021-12-21 11:28:14.445root 11241100x8000000000000000532587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec6446e6eea42592021-12-21 11:28:14.445root 11241100x8000000000000000532588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d428e8bba860072021-12-21 11:28:14.445root 11241100x8000000000000000532589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f056a14f137bd02021-12-21 11:28:14.445root 11241100x8000000000000000532590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598eaa137ba991922021-12-21 11:28:14.445root 11241100x8000000000000000532591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fe56357bfa479f2021-12-21 11:28:14.445root 11241100x8000000000000000532592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa627309087deadc2021-12-21 11:28:14.446root 11241100x8000000000000000532593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220ef00192f8d132021-12-21 11:28:14.446root 11241100x8000000000000000532594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f35b2c400ca8752021-12-21 11:28:14.446root 11241100x8000000000000000532595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7113cdefa5f41ed2021-12-21 11:28:14.446root 11241100x8000000000000000532596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee63d1c40b8ab4802021-12-21 11:28:14.446root 11241100x8000000000000000532597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c18b1ca0ed0786c2021-12-21 11:28:14.446root 11241100x8000000000000000532598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeae13fc4f9c6352021-12-21 11:28:14.446root 11241100x8000000000000000532599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829094682cc7f6752021-12-21 11:28:14.446root 11241100x8000000000000000532600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4ad77de9fcc66c2021-12-21 11:28:14.446root 11241100x8000000000000000532601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa10e1e8d6f5d7812021-12-21 11:28:14.942root 11241100x8000000000000000532602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015d0731d2e37982021-12-21 11:28:14.943root 11241100x8000000000000000532603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fb9a8010563dfb2021-12-21 11:28:14.943root 11241100x8000000000000000532604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2506f857494102021-12-21 11:28:14.943root 11241100x8000000000000000532605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2b588e75880672021-12-21 11:28:14.943root 11241100x8000000000000000532606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0124023035f476d2021-12-21 11:28:14.943root 11241100x8000000000000000532607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d22e4c88b5260472021-12-21 11:28:14.943root 11241100x8000000000000000532608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe2af395255bade2021-12-21 11:28:14.943root 11241100x8000000000000000532609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce57a448e2ccdef2021-12-21 11:28:14.943root 11241100x8000000000000000532610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d46fb5dd3065ba82021-12-21 11:28:14.944root 11241100x8000000000000000532611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f38cfa74ef9337d2021-12-21 11:28:14.944root 11241100x8000000000000000532612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1bee7c03777a942021-12-21 11:28:14.946root 11241100x8000000000000000532613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705af2f43fda811c2021-12-21 11:28:14.946root 11241100x8000000000000000532614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0155cfadfeaae4292021-12-21 11:28:14.946root 11241100x8000000000000000532615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c42edbf88dce2f2021-12-21 11:28:14.946root 11241100x8000000000000000532616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ce934a76b28ea02021-12-21 11:28:14.946root 11241100x8000000000000000532617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f637354cc64d9e2021-12-21 11:28:14.947root 11241100x8000000000000000532618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36e893dc9fa9c3f2021-12-21 11:28:14.947root 11241100x8000000000000000532619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b43388c9acb29cf2021-12-21 11:28:14.947root 11241100x8000000000000000532620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88abd6b9250cf4f12021-12-21 11:28:14.947root 11241100x8000000000000000532621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b785ba2363bba8122021-12-21 11:28:14.947root 11241100x8000000000000000532622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c7fb19ed0736192021-12-21 11:28:14.947root 11241100x8000000000000000532623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f72479195257ea12021-12-21 11:28:14.947root 11241100x8000000000000000532624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ed1bfeb2a2e47e2021-12-21 11:28:14.947root 11241100x8000000000000000532625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1c62429bb301b92021-12-21 11:28:14.947root 11241100x8000000000000000532626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e42ca5bcb0264e82021-12-21 11:28:14.948root 11241100x8000000000000000532627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa69f7f75ad45bf2021-12-21 11:28:14.948root 11241100x8000000000000000532628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f821f51701a9c32021-12-21 11:28:14.948root 11241100x8000000000000000532629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef22641eb49b95602021-12-21 11:28:14.948root 11241100x8000000000000000532630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7db97109c7fc9a2021-12-21 11:28:14.948root 11241100x8000000000000000532631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194b8601b0f4d3532021-12-21 11:28:14.948root 11241100x8000000000000000532632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d7bde5ce2d59442021-12-21 11:28:14.948root 11241100x8000000000000000532633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3480f85396ceb71c2021-12-21 11:28:14.948root 11241100x8000000000000000532634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0de2246a135792021-12-21 11:28:14.948root 11241100x8000000000000000532635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a72380a11cae5c2021-12-21 11:28:14.948root 11241100x8000000000000000532636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e005006dd7b7782021-12-21 11:28:15.442root 11241100x8000000000000000532637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcaa2370c5c592f2021-12-21 11:28:15.443root 11241100x8000000000000000532638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b640b2c04788e5252021-12-21 11:28:15.443root 11241100x8000000000000000532639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e567eb0a87aa592021-12-21 11:28:15.443root 11241100x8000000000000000532640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad8847f87a865e22021-12-21 11:28:15.443root 11241100x8000000000000000532641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15326e5c14c0fdde2021-12-21 11:28:15.443root 11241100x8000000000000000532642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e57c697c6de6e962021-12-21 11:28:15.443root 11241100x8000000000000000532643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657cdc65d377171e2021-12-21 11:28:15.443root 11241100x8000000000000000532644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac4c342b671cbed2021-12-21 11:28:15.443root 11241100x8000000000000000532645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064c5e4c3266c6e82021-12-21 11:28:15.443root 11241100x8000000000000000532646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762d7b4d7e110f792021-12-21 11:28:15.443root 11241100x8000000000000000532647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7386dd263637efc62021-12-21 11:28:15.444root 11241100x8000000000000000532648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e95f057e12b9092021-12-21 11:28:15.444root 11241100x8000000000000000532649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f3ee83d06fcbd22021-12-21 11:28:15.444root 11241100x8000000000000000532650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a254f80d4f9b232021-12-21 11:28:15.444root 11241100x8000000000000000532651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4227b704a408c5a02021-12-21 11:28:15.444root 11241100x8000000000000000532652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51b4a0f559f51c12021-12-21 11:28:15.444root 11241100x8000000000000000532653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d021e8609ba7111d2021-12-21 11:28:15.444root 11241100x8000000000000000532654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f557d07f2c65c02021-12-21 11:28:15.444root 11241100x8000000000000000532655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4dfd44557354bf2021-12-21 11:28:15.444root 11241100x8000000000000000532656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad33da1762623852021-12-21 11:28:15.444root 11241100x8000000000000000532657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b01b5b363dc9182021-12-21 11:28:15.445root 11241100x8000000000000000532658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377532c02747a94a2021-12-21 11:28:15.445root 11241100x8000000000000000532659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0c4ab01f0507a32021-12-21 11:28:15.445root 11241100x8000000000000000532660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b1e07f57822f362021-12-21 11:28:15.445root 11241100x8000000000000000532661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3310766131941a8c2021-12-21 11:28:15.445root 11241100x8000000000000000532662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825e1c9776f4e0852021-12-21 11:28:15.445root 11241100x8000000000000000532663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181a5dee525a40dc2021-12-21 11:28:15.445root 11241100x8000000000000000532664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b76ace612c0bde02021-12-21 11:28:15.445root 11241100x8000000000000000532665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c229192f8485782021-12-21 11:28:15.446root 11241100x8000000000000000532666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bd05d6e62461842021-12-21 11:28:15.943root 11241100x8000000000000000532667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75b740f11a0e0872021-12-21 11:28:15.943root 11241100x8000000000000000532668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6067b71e92b23f2021-12-21 11:28:15.943root 11241100x8000000000000000532669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514fb88c46c1d2a42021-12-21 11:28:15.943root 11241100x8000000000000000532670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27712351ae367c932021-12-21 11:28:15.944root 11241100x8000000000000000532671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233e330fb3b3a06e2021-12-21 11:28:15.944root 11241100x8000000000000000532672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f496831b12061f2021-12-21 11:28:15.944root 11241100x8000000000000000532673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772ec55c2ad133292021-12-21 11:28:15.944root 11241100x8000000000000000532674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef4b867e173555e2021-12-21 11:28:15.944root 11241100x8000000000000000532675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd75474dcca8a9bf2021-12-21 11:28:15.944root 11241100x8000000000000000532676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af248a12863439cc2021-12-21 11:28:15.944root 11241100x8000000000000000532677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5915e7927be933ff2021-12-21 11:28:15.944root 11241100x8000000000000000532678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458cd4e0aac8b2ee2021-12-21 11:28:15.944root 11241100x8000000000000000532679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a46488a01e41fda2021-12-21 11:28:15.944root 11241100x8000000000000000532680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4898f181466040702021-12-21 11:28:15.944root 11241100x8000000000000000532681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0fd744214406902021-12-21 11:28:15.944root 11241100x8000000000000000532682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acf4cb546e21efd2021-12-21 11:28:15.944root 11241100x8000000000000000532683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9643b2fda5c071f52021-12-21 11:28:15.944root 11241100x8000000000000000532684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61b29a2925dcb112021-12-21 11:28:15.944root 11241100x8000000000000000532685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c4eccfcf571bb92021-12-21 11:28:15.945root 11241100x8000000000000000532686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692d45e7d12547912021-12-21 11:28:15.945root 11241100x8000000000000000532687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeaf90b3f7dc6562021-12-21 11:28:15.945root 11241100x8000000000000000532688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b4b5c9bc1afb402021-12-21 11:28:15.945root 11241100x8000000000000000532689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297e71d0d3ef75ca2021-12-21 11:28:15.945root 354300x8000000000000000532690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.227{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48584-false10.0.1.12-8000- 11241100x8000000000000000532691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc3c569406a87842021-12-21 11:28:16.228root 11241100x8000000000000000532692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5481f29e8858b4f2021-12-21 11:28:16.228root 11241100x8000000000000000532693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2392a5613fa826802021-12-21 11:28:16.228root 11241100x8000000000000000532694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2be26675671dd6b2021-12-21 11:28:16.228root 11241100x8000000000000000532695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5eb3df426546302021-12-21 11:28:16.228root 11241100x8000000000000000532696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9be11cf97307982021-12-21 11:28:16.229root 11241100x8000000000000000532697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db9a0c07bec50df2021-12-21 11:28:16.229root 11241100x8000000000000000532698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc1866d6fbb428b2021-12-21 11:28:16.229root 11241100x8000000000000000532699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65a060ca975c78f2021-12-21 11:28:16.229root 11241100x8000000000000000532700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d46054f3a6a97082021-12-21 11:28:16.229root 11241100x8000000000000000532701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc4611aed0c5d882021-12-21 11:28:16.229root 11241100x8000000000000000532702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42433fd795158fb62021-12-21 11:28:16.229root 11241100x8000000000000000532703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4660b3030fab6ad52021-12-21 11:28:16.229root 11241100x8000000000000000532704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c954902908f3282021-12-21 11:28:16.230root 11241100x8000000000000000532705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82d2b196a4e7e9a2021-12-21 11:28:16.230root 11241100x8000000000000000532706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e78741cdab940902021-12-21 11:28:16.230root 11241100x8000000000000000532707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf96edd500ba6d782021-12-21 11:28:16.230root 11241100x8000000000000000532708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5268f7b3b456d82021-12-21 11:28:16.231root 11241100x8000000000000000532709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a268d8091ccd0fd32021-12-21 11:28:16.231root 11241100x8000000000000000532710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b99bc1b0090d072021-12-21 11:28:16.231root 11241100x8000000000000000532711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cb065ca9b26eab2021-12-21 11:28:16.232root 11241100x8000000000000000532712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a12d75ffbb856e2021-12-21 11:28:16.232root 11241100x8000000000000000532713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ffee5fbf7d4a852021-12-21 11:28:16.233root 11241100x8000000000000000532714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb3a324002997f22021-12-21 11:28:16.233root 11241100x8000000000000000532715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3c5c3c6fbb770a2021-12-21 11:28:16.233root 11241100x8000000000000000532716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fead5a3558033c752021-12-21 11:28:16.233root 11241100x8000000000000000532717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1d56957df919bc2021-12-21 11:28:16.234root 11241100x8000000000000000532718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767abc802ef33b212021-12-21 11:28:16.234root 11241100x8000000000000000532719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e57f13280e9bb52021-12-21 11:28:16.235root 11241100x8000000000000000532720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f96d62654eafba2021-12-21 11:28:16.693root 11241100x8000000000000000532721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd443d696a2b58a2021-12-21 11:28:16.693root 11241100x8000000000000000532722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fab380b4fd36c792021-12-21 11:28:16.693root 11241100x8000000000000000532723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1154ecb17ed29472021-12-21 11:28:16.693root 11241100x8000000000000000532724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86143f07929b20d32021-12-21 11:28:16.693root 11241100x8000000000000000532725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9e40e41b92135b2021-12-21 11:28:16.693root 11241100x8000000000000000532726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa1e518e2264a72021-12-21 11:28:16.693root 11241100x8000000000000000532727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b19a37902995f12021-12-21 11:28:16.693root 11241100x8000000000000000532728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8cc8364ba91f052021-12-21 11:28:16.693root 11241100x8000000000000000532729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cae4baf8de029d2021-12-21 11:28:16.693root 11241100x8000000000000000532730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927575c5ae7350e22021-12-21 11:28:16.694root 11241100x8000000000000000532731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa6af641bc0dcbd2021-12-21 11:28:16.694root 11241100x8000000000000000532732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1d2b508a5dfda52021-12-21 11:28:16.694root 11241100x8000000000000000532733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0940857881708db72021-12-21 11:28:16.694root 11241100x8000000000000000532734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994202faf63a78c22021-12-21 11:28:16.694root 354300x8000000000000000532763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:25.462{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35652-false10.0.1.12-8089- 11241100x8000000000000000532764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94956617917a90c2021-12-21 11:28:25.942root 11241100x8000000000000000532765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d823720578cb721d2021-12-21 11:28:26.442root 11241100x8000000000000000532766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931d2715c48820dd2021-12-21 11:28:26.942root 354300x8000000000000000532767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:27.072{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48590-false10.0.1.12-8000- 11241100x8000000000000000532768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:27.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5afb1e5fec5a2c2021-12-21 11:28:27.442root 11241100x8000000000000000532769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b14ab669c66c2ec2021-12-21 11:28:27.443root 11241100x8000000000000000532770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:27.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7271528717b48c6e2021-12-21 11:28:27.942root 11241100x8000000000000000532771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad98f23f238f70a2021-12-21 11:28:27.943root 11241100x8000000000000000532772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db6fa2fc5785b952021-12-21 11:28:28.443root 11241100x8000000000000000532773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadf435c9980baa62021-12-21 11:28:28.443root 11241100x8000000000000000532774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ebc33f99fb45542021-12-21 11:28:28.942root 11241100x8000000000000000532775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822accd4e05d5b992021-12-21 11:28:28.943root 11241100x8000000000000000532776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e51565caee38a2021-12-21 11:28:29.442root 11241100x8000000000000000532777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2f1dad2f09adc12021-12-21 11:28:29.443root 11241100x8000000000000000532778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c521fde0e75b27ac2021-12-21 11:28:29.942root 11241100x8000000000000000532779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19161c2bbd223c362021-12-21 11:28:29.943root 11241100x8000000000000000532780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f9d35ac846e5992021-12-21 11:28:30.442root 11241100x8000000000000000532781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5200c23319c9d6262021-12-21 11:28:30.443root 11241100x8000000000000000532782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382b1e9a2c87a2212021-12-21 11:28:30.942root 11241100x8000000000000000532783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6417ff932925b7fd2021-12-21 11:28:30.943root 11241100x8000000000000000532784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:31.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35750cfa4748ecf22021-12-21 11:28:31.442root 11241100x8000000000000000532785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf0d8efda2a06b22021-12-21 11:28:31.443root 11241100x8000000000000000532786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e95c2a210f2c612021-12-21 11:28:31.942root 11241100x8000000000000000532787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2514ac7677e36f302021-12-21 11:28:31.943root 354300x8000000000000000532788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:32.243{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48592-false10.0.1.12-8000- 11241100x8000000000000000532789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8531dd15627234b2021-12-21 11:28:32.244root 11241100x8000000000000000532790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efca90a95f71ba302021-12-21 11:28:32.244root 11241100x8000000000000000532791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71492421c374e0a2021-12-21 11:28:32.245root 11241100x8000000000000000532792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226968f986eababb2021-12-21 11:28:32.693root 11241100x8000000000000000532793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c93a7b8b06045842021-12-21 11:28:32.693root 11241100x8000000000000000532794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9d63b1001a23e72021-12-21 11:28:32.693root 11241100x8000000000000000532795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:33.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6a92d87510e5f22021-12-21 11:28:33.192root 11241100x8000000000000000532796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392cf2a125dd53e12021-12-21 11:28:33.193root 11241100x8000000000000000532797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b198be5695fea2762021-12-21 11:28:33.193root 11241100x8000000000000000532798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:33.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3058a4981fc3ce6d2021-12-21 11:28:33.692root 11241100x8000000000000000532799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345580b620ffe60a2021-12-21 11:28:33.693root 11241100x8000000000000000532800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1207f0a46b5272021-12-21 11:28:33.693root 11241100x8000000000000000532801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:34.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec398cc844423ca2021-12-21 11:28:34.192root 11241100x8000000000000000532802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f484f58900c7843e2021-12-21 11:28:34.193root 11241100x8000000000000000532803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ee90d5fa01f2272021-12-21 11:28:34.193root 11241100x8000000000000000532804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:34.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d7f9ac195d07952021-12-21 11:28:34.692root 11241100x8000000000000000532805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537e1f171ccf33492021-12-21 11:28:34.693root 11241100x8000000000000000532806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b0337a31ac404d2021-12-21 11:28:34.693root 11241100x8000000000000000532807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:35.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296c0f0ac3d46cd52021-12-21 11:28:35.192root 11241100x8000000000000000532808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adea5007b23b1b02021-12-21 11:28:35.193root 11241100x8000000000000000532809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6677cd44532b4662021-12-21 11:28:35.193root 11241100x8000000000000000532810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:35.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db89e33ad7385add2021-12-21 11:28:35.692root 11241100x8000000000000000532811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24067c638e09e742021-12-21 11:28:35.693root 11241100x8000000000000000532812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dce1e03a4057632021-12-21 11:28:35.693root 11241100x8000000000000000532813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:36.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8204bf0e699833b42021-12-21 11:28:36.192root 11241100x8000000000000000532814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53acd024a9b7d2f52021-12-21 11:28:36.193root 11241100x8000000000000000532815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eec45663ed9be42021-12-21 11:28:36.193root 11241100x8000000000000000532816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:36.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:28:36.327root 11241100x8000000000000000532817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45a68de87301b422021-12-21 11:28:36.692root 11241100x8000000000000000532818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629285b33012cbc52021-12-21 11:28:36.693root 11241100x8000000000000000532819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3f156ee280956c2021-12-21 11:28:36.693root 11241100x8000000000000000532820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b0ee623871b1052021-12-21 11:28:36.693root 11241100x8000000000000000532821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e24d285b523737e2021-12-21 11:28:37.192root 11241100x8000000000000000532822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9a58fa325630ad2021-12-21 11:28:37.193root 11241100x8000000000000000532823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6335706e12be9d9e2021-12-21 11:28:37.193root 11241100x8000000000000000532824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e627d39af4a8e1fa2021-12-21 11:28:37.193root 11241100x8000000000000000532825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:37.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faa0aae50f2a2712021-12-21 11:28:37.692root 11241100x8000000000000000532826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ea7e3c0587f5852021-12-21 11:28:37.693root 11241100x8000000000000000532827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146665fba95ecadf2021-12-21 11:28:37.693root 11241100x8000000000000000532828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364782cf72acd4b32021-12-21 11:28:37.693root 354300x8000000000000000532829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.083{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48594-false10.0.1.12-8000- 11241100x8000000000000000532830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c726ef7d39883fe52021-12-21 11:28:38.084root 11241100x8000000000000000532831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d08f2a51e0569e2021-12-21 11:28:38.084root 11241100x8000000000000000532832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b665f2661c5dea2021-12-21 11:28:38.084root 11241100x8000000000000000532833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa524f2f08f6d0802021-12-21 11:28:38.085root 11241100x8000000000000000532834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffe4700b067cb4c2021-12-21 11:28:38.442root 11241100x8000000000000000532835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ede0a0e92d5804a2021-12-21 11:28:38.443root 11241100x8000000000000000532836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764294b38c293fbb2021-12-21 11:28:38.443root 11241100x8000000000000000532837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e0a95dff30bb242021-12-21 11:28:38.443root 11241100x8000000000000000532838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274a7d91a98070f22021-12-21 11:28:38.444root 11241100x8000000000000000532839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef32e11533074972021-12-21 11:28:38.942root 11241100x8000000000000000532840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7916110e5bd1945e2021-12-21 11:28:38.943root 11241100x8000000000000000532841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e17f7cc469db68d2021-12-21 11:28:38.943root 11241100x8000000000000000532842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488760b608fb6e132021-12-21 11:28:38.943root 11241100x8000000000000000532843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a971ff749aa41732021-12-21 11:28:38.944root 23542300x8000000000000000532844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000532845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849754d63327e3692021-12-21 11:28:39.330root 11241100x8000000000000000532846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03344a2913e6dcd2021-12-21 11:28:39.330root 11241100x8000000000000000532847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6008e46393b86e7f2021-12-21 11:28:39.330root 11241100x8000000000000000532848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20d894cc0e94f4e2021-12-21 11:28:39.330root 11241100x8000000000000000532849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e99fb4ceaf53e902021-12-21 11:28:39.330root 11241100x8000000000000000532850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3794e2b12fcd21db2021-12-21 11:28:39.330root 11241100x8000000000000000532851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52aa61659cf71002021-12-21 11:28:39.693root 11241100x8000000000000000532852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8604b5088585f82021-12-21 11:28:39.693root 11241100x8000000000000000532853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c283b9e770a8ca332021-12-21 11:28:39.693root 11241100x8000000000000000532854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a872d1d36a91f02021-12-21 11:28:39.694root 11241100x8000000000000000532855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12f2aa72ce2f4ce2021-12-21 11:28:39.694root 11241100x8000000000000000532856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1ae71b0675d4da2021-12-21 11:28:39.694root 11241100x8000000000000000532857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33867d3984fc0e582021-12-21 11:28:40.193root 11241100x8000000000000000532858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b451893aff4b2dd2021-12-21 11:28:40.193root 11241100x8000000000000000532859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8715d3167b325a4d2021-12-21 11:28:40.193root 11241100x8000000000000000532860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a5cd40b52671a22021-12-21 11:28:40.194root 11241100x8000000000000000532861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5b6e551c98b2622021-12-21 11:28:40.194root 11241100x8000000000000000532862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1032c9024df7b22021-12-21 11:28:40.194root 11241100x8000000000000000532863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1420fbfbfb3328fa2021-12-21 11:28:40.693root 11241100x8000000000000000532864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4287d77de68a0c4e2021-12-21 11:28:40.693root 11241100x8000000000000000532865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6ba4514a5b40632021-12-21 11:28:40.693root 11241100x8000000000000000532866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555b66e4e87fdd312021-12-21 11:28:40.693root 11241100x8000000000000000532867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502aaf0f294567d22021-12-21 11:28:40.694root 11241100x8000000000000000532868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a358241cd476542021-12-21 11:28:40.694root 11241100x8000000000000000532869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb4a088c52b785a2021-12-21 11:28:41.193root 11241100x8000000000000000532870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5087512f893c839c2021-12-21 11:28:41.193root 11241100x8000000000000000532871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fb269c3d30ff252021-12-21 11:28:41.193root 11241100x8000000000000000532872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dca3d6314e56402021-12-21 11:28:41.193root 11241100x8000000000000000532873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c0490e2a60a9f2021-12-21 11:28:41.194root 11241100x8000000000000000532874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5b631cfe6e22862021-12-21 11:28:41.194root 11241100x8000000000000000532875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200cab9e9f0f3ef42021-12-21 11:28:41.693root 11241100x8000000000000000532876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2913b87577e3fbaf2021-12-21 11:28:41.693root 11241100x8000000000000000532877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027b18e3137cc43c2021-12-21 11:28:41.693root 11241100x8000000000000000532878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35309cb0f4409202021-12-21 11:28:41.693root 11241100x8000000000000000532879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825d2ceab5c08e492021-12-21 11:28:41.694root 11241100x8000000000000000532880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df884af3120f1e602021-12-21 11:28:41.694root 11241100x8000000000000000532881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75960d05d346c9782021-12-21 11:28:42.193root 11241100x8000000000000000532882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568122fd84d33b312021-12-21 11:28:42.193root 11241100x8000000000000000532883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a65b8fa41d196aa2021-12-21 11:28:42.193root 11241100x8000000000000000532884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927f0a896aa0ad302021-12-21 11:28:42.193root 11241100x8000000000000000532885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a246943a1c0d20912021-12-21 11:28:42.193root 11241100x8000000000000000532886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7779c1ca4a176d2021-12-21 11:28:42.193root 11241100x8000000000000000532887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9379bf4d7649cbdc2021-12-21 11:28:42.693root 11241100x8000000000000000532888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e740b94c524036072021-12-21 11:28:42.693root 11241100x8000000000000000532889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825261fb33f0f8052021-12-21 11:28:42.693root 11241100x8000000000000000532890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a6ff339737fa932021-12-21 11:28:42.693root 11241100x8000000000000000532891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8743deb64b0d66bb2021-12-21 11:28:42.693root 11241100x8000000000000000532892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f96f8b301cfea942021-12-21 11:28:42.693root 354300x8000000000000000532893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.190{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48596-false10.0.1.12-8000- 11241100x8000000000000000532894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cba59423c96e9e2021-12-21 11:28:43.190root 11241100x8000000000000000532895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e88a0e91dd4fb22021-12-21 11:28:43.190root 11241100x8000000000000000532896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90df7e5cd40e80112021-12-21 11:28:43.191root 11241100x8000000000000000532897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cb6a848e7fd3352021-12-21 11:28:43.191root 11241100x8000000000000000532898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaf914ad15911dc2021-12-21 11:28:43.191root 11241100x8000000000000000532899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de838bebee3cf6062021-12-21 11:28:43.191root 11241100x8000000000000000532900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5249541f6821d5bb2021-12-21 11:28:43.191root 11241100x8000000000000000532901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdfc15f2adf17822021-12-21 11:28:43.443root 11241100x8000000000000000532902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d2b2009fabf4f72021-12-21 11:28:43.443root 11241100x8000000000000000532903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa80152f5d585782021-12-21 11:28:43.443root 11241100x8000000000000000532904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0333cf59c6fee192021-12-21 11:28:43.443root 11241100x8000000000000000532905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c012d42a052622a02021-12-21 11:28:43.443root 11241100x8000000000000000532906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ba954204eb42602021-12-21 11:28:43.443root 11241100x8000000000000000532907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8704c9826c53ffe2021-12-21 11:28:43.443root 11241100x8000000000000000532908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7462ea4c51e81d092021-12-21 11:28:43.943root 11241100x8000000000000000532909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed3013cd033971d2021-12-21 11:28:43.943root 11241100x8000000000000000532910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd32ac7328283512021-12-21 11:28:43.943root 11241100x8000000000000000532911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af808ec444dcb12021-12-21 11:28:43.943root 11241100x8000000000000000532912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e614be0b012d8082021-12-21 11:28:43.943root 11241100x8000000000000000532913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dd7da6f03825e92021-12-21 11:28:43.943root 11241100x8000000000000000532914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384f80303c1640bb2021-12-21 11:28:43.943root 11241100x8000000000000000532915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba0a8a78072c8b22021-12-21 11:28:44.443root 11241100x8000000000000000532916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab2baeffd36057e2021-12-21 11:28:44.443root 11241100x8000000000000000532917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d30a595067b5fc2021-12-21 11:28:44.443root 11241100x8000000000000000532918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c13effdd49113bc2021-12-21 11:28:44.443root 11241100x8000000000000000532919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7591c986138acf92021-12-21 11:28:44.443root 11241100x8000000000000000532920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe013327ea249882021-12-21 11:28:44.443root 11241100x8000000000000000532921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bee62c881942a402021-12-21 11:28:44.443root 11241100x8000000000000000532922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da00c20d90f90c3b2021-12-21 11:28:44.943root 11241100x8000000000000000532923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8d81be71b391572021-12-21 11:28:44.943root 11241100x8000000000000000532924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9a4f090ecc21b82021-12-21 11:28:44.943root 11241100x8000000000000000532925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6172a05ccb8700122021-12-21 11:28:44.943root 11241100x8000000000000000532926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e12f33ddbe7a6b92021-12-21 11:28:44.943root 11241100x8000000000000000532927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1c78f208d921172021-12-21 11:28:44.943root 11241100x8000000000000000532928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae32163817718fe2021-12-21 11:28:44.943root 11241100x8000000000000000532929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6beb5083336d855c2021-12-21 11:28:45.443root 11241100x8000000000000000532930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c394ebda5d59fc2021-12-21 11:28:45.443root 11241100x8000000000000000532931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ba6a54bfcc01d62021-12-21 11:28:45.443root 11241100x8000000000000000532932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324a8368362ad7052021-12-21 11:28:45.443root 11241100x8000000000000000532933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad14e74dbd6742db2021-12-21 11:28:45.443root 11241100x8000000000000000532934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc093640fdb2cba92021-12-21 11:28:45.443root 11241100x8000000000000000532935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0b97d6e58e064d2021-12-21 11:28:45.443root 11241100x8000000000000000532936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d60735c48ca674a2021-12-21 11:28:45.943root 11241100x8000000000000000532937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe7c335b03afd502021-12-21 11:28:45.943root 11241100x8000000000000000532938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376318397202f1422021-12-21 11:28:45.943root 11241100x8000000000000000532939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85166278c337ddfa2021-12-21 11:28:45.943root 11241100x8000000000000000532940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5469bc7d7a1f90442021-12-21 11:28:45.943root 11241100x8000000000000000532941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fdf2214f4436692021-12-21 11:28:45.943root 11241100x8000000000000000532942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f1aaddf1256f2d2021-12-21 11:28:45.943root 11241100x8000000000000000532943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2d22c8cdc00f072021-12-21 11:28:46.443root 11241100x8000000000000000532944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2adf85f2a56ae22021-12-21 11:28:46.443root 11241100x8000000000000000532945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5f9ca95998ce822021-12-21 11:28:46.443root 11241100x8000000000000000532946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d208f2bde98d649b2021-12-21 11:28:46.443root 11241100x8000000000000000532947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a9ff11203013212021-12-21 11:28:46.443root 11241100x8000000000000000532948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aff6625160a0242021-12-21 11:28:46.443root 11241100x8000000000000000532949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bdf1913cfc2a9d2021-12-21 11:28:46.443root 11241100x8000000000000000532950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482fcb18d106f6592021-12-21 11:28:46.943root 11241100x8000000000000000532951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9958a794d41a9a6c2021-12-21 11:28:46.943root 11241100x8000000000000000532952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb570d88d3615d42021-12-21 11:28:46.943root 11241100x8000000000000000532953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a091d379440389192021-12-21 11:28:46.943root 11241100x8000000000000000532954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa908369500bba142021-12-21 11:28:46.943root 11241100x8000000000000000532955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed651c713ca7f8c2021-12-21 11:28:46.943root 11241100x8000000000000000532956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d0cc093c6e76a12021-12-21 11:28:46.943root 11241100x8000000000000000532957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ff467df3a0a1a72021-12-21 11:28:47.443root 11241100x8000000000000000532958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e7d59a68e3e5d92021-12-21 11:28:47.443root 11241100x8000000000000000532959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be612d20734249e42021-12-21 11:28:47.443root 11241100x8000000000000000532960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393a253e8eccf4dd2021-12-21 11:28:47.443root 11241100x8000000000000000532961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbea0c59c8e6dca2021-12-21 11:28:47.443root 11241100x8000000000000000532962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a4dbf34f7fda3d2021-12-21 11:28:47.443root 11241100x8000000000000000532963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07d7d2d0cd4c15b2021-12-21 11:28:47.443root 11241100x8000000000000000532964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d62205db6206d202021-12-21 11:28:47.943root 11241100x8000000000000000532965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b907641f171d2042021-12-21 11:28:47.943root 11241100x8000000000000000532966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de003e00e778e3142021-12-21 11:28:47.943root 11241100x8000000000000000532967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1e5731ce5b1da12021-12-21 11:28:47.943root 11241100x8000000000000000532968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dab00054487a12e2021-12-21 11:28:47.943root 11241100x8000000000000000532969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f86ff967e0b73b2021-12-21 11:28:47.943root 11241100x8000000000000000532970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf3c917b85965e72021-12-21 11:28:47.943root 11241100x8000000000000000532971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc234557f77505da2021-12-21 11:28:48.443root 11241100x8000000000000000532972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36036877a4c7e55c2021-12-21 11:28:48.443root 11241100x8000000000000000532973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738e2b4078ff732a2021-12-21 11:28:48.443root 11241100x8000000000000000532974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c98e7b3044ab252021-12-21 11:28:48.443root 11241100x8000000000000000532975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4387221175b5732021-12-21 11:28:48.443root 11241100x8000000000000000532976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb2ea22313a95b22021-12-21 11:28:48.443root 11241100x8000000000000000532977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ce301e96f45112021-12-21 11:28:48.443root 11241100x8000000000000000532978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386acb4d6d752a492021-12-21 11:28:48.943root 11241100x8000000000000000532979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3a5f400d79e3782021-12-21 11:28:48.943root 11241100x8000000000000000532980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6878e87b3ee5c42021-12-21 11:28:48.943root 11241100x8000000000000000532981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2f8630649653dc2021-12-21 11:28:48.943root 11241100x8000000000000000532982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5787a7cbed1b67b2021-12-21 11:28:48.943root 11241100x8000000000000000532983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72835cdc4cfc73b2021-12-21 11:28:48.944root 11241100x8000000000000000532984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af49ba7c93fa902021-12-21 11:28:48.944root 354300x8000000000000000532985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.043{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48598-false10.0.1.12-8000- 11241100x8000000000000000532986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9633c2f80c48e8f22021-12-21 11:28:49.443root 11241100x8000000000000000532987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d957cb6bef1d012021-12-21 11:28:49.443root 11241100x8000000000000000532988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b48e93d86a9932021-12-21 11:28:49.443root 11241100x8000000000000000532989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d562ae6ff631bad2021-12-21 11:28:49.443root 11241100x8000000000000000532990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a7c19bed42554a2021-12-21 11:28:49.443root 11241100x8000000000000000532991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f3945d7fb6ee212021-12-21 11:28:49.443root 11241100x8000000000000000532992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8810460213589d2021-12-21 11:28:49.443root 11241100x8000000000000000532993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3a13abc01c3f612021-12-21 11:28:49.443root 11241100x8000000000000000532994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5622ec454393a972021-12-21 11:28:49.943root 11241100x8000000000000000532995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e24c3c783cde1f2021-12-21 11:28:49.943root 11241100x8000000000000000532996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79c2cdf9470dd9e2021-12-21 11:28:49.943root 11241100x8000000000000000532997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2a715ff3bf8d92021-12-21 11:28:49.943root 11241100x8000000000000000532998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbffd8de194ddfd2021-12-21 11:28:49.943root 11241100x8000000000000000532999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a18fe0bfe15ab452021-12-21 11:28:49.943root 11241100x8000000000000000533000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d1ac56fa7a28122021-12-21 11:28:49.943root 11241100x8000000000000000533001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1286f8eaea7d5e072021-12-21 11:28:49.943root 11241100x8000000000000000533002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbd32a55d89ee4a2021-12-21 11:28:50.443root 11241100x8000000000000000533003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6773138e130357862021-12-21 11:28:50.443root 11241100x8000000000000000533004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cdf8c6ac162d492021-12-21 11:28:50.443root 11241100x8000000000000000533005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754d86b4aa3a15982021-12-21 11:28:50.443root 11241100x8000000000000000533006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa94a3d35c0fb6542021-12-21 11:28:50.443root 11241100x8000000000000000533007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb1f38807900fff2021-12-21 11:28:50.443root 11241100x8000000000000000533008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d499d75a18d3c22021-12-21 11:28:50.443root 11241100x8000000000000000533009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be64d48bd8fe68a2021-12-21 11:28:50.443root 11241100x8000000000000000533010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38354949b39373912021-12-21 11:28:50.943root 11241100x8000000000000000533011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247a79741446e95c2021-12-21 11:28:50.943root 11241100x8000000000000000533012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517e3100bbd9215b2021-12-21 11:28:50.943root 11241100x8000000000000000533013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ee58ffc15bcd262021-12-21 11:28:50.943root 11241100x8000000000000000533014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbef3c11cddec442021-12-21 11:28:50.944root 11241100x8000000000000000533015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6441e7fb4f29f52021-12-21 11:28:50.944root 11241100x8000000000000000533016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4aac8433dd2b162021-12-21 11:28:50.944root 11241100x8000000000000000533017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10263ff812ab70e42021-12-21 11:28:50.944root 11241100x8000000000000000533018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf6fb8a77d0e8712021-12-21 11:28:51.443root 11241100x8000000000000000533019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabea982c2752cfe2021-12-21 11:28:51.443root 11241100x8000000000000000533020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcb0c7d6b719fd12021-12-21 11:28:51.443root 11241100x8000000000000000533021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0081d511f3027a2021-12-21 11:28:51.443root 11241100x8000000000000000533022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd871e0b904157722021-12-21 11:28:51.443root 11241100x8000000000000000533023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9c0523bb71a09a2021-12-21 11:28:51.443root 11241100x8000000000000000533024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93479ca61392e3622021-12-21 11:28:51.443root 11241100x8000000000000000533025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3870044953bdf72021-12-21 11:28:51.444root 11241100x8000000000000000533026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983858e489585ddb2021-12-21 11:28:51.943root 11241100x8000000000000000533027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad905260d88ff47b2021-12-21 11:28:51.943root 11241100x8000000000000000533028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1b47ebefd92e52021-12-21 11:28:51.943root 11241100x8000000000000000533029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eedef466dc65a62021-12-21 11:28:51.943root 11241100x8000000000000000533030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a74b244ea0466302021-12-21 11:28:51.943root 11241100x8000000000000000533031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e494085e7f6a5c62021-12-21 11:28:51.943root 11241100x8000000000000000533032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f1c4816aa37eae2021-12-21 11:28:51.943root 11241100x8000000000000000533033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9347e875dfcd3eeb2021-12-21 11:28:51.943root 11241100x8000000000000000533034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbe4ca7bafbd2ba2021-12-21 11:28:52.443root 11241100x8000000000000000533035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401114b3610772322021-12-21 11:28:52.443root 11241100x8000000000000000533036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e78a3a772cdeeb2021-12-21 11:28:52.443root 11241100x8000000000000000533037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f53f379fb73b8dd2021-12-21 11:28:52.443root 11241100x8000000000000000533038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f07099a67342642021-12-21 11:28:52.443root 11241100x8000000000000000533039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15407d9b31228cc2021-12-21 11:28:52.443root 11241100x8000000000000000533040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea1b0b157fd28962021-12-21 11:28:52.443root 11241100x8000000000000000533041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df24232ed6025ce2021-12-21 11:28:52.443root 11241100x8000000000000000533042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5da6c122d227042021-12-21 11:28:52.943root 11241100x8000000000000000533043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350ef63f7289d6692021-12-21 11:28:52.943root 11241100x8000000000000000533044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7337cb2606f015e2021-12-21 11:28:52.943root 11241100x8000000000000000533045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62a5948cd57ee7d2021-12-21 11:28:52.943root 11241100x8000000000000000533046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc4348faf90b2d62021-12-21 11:28:52.943root 11241100x8000000000000000533047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d370780d54e6912021-12-21 11:28:52.944root 11241100x8000000000000000533048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a88e80d342be7a2021-12-21 11:28:52.944root 11241100x8000000000000000533049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38a8302ad8968e82021-12-21 11:28:52.944root 11241100x8000000000000000533050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3d69e1d085b1802021-12-21 11:28:53.443root 11241100x8000000000000000533051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a695b7539f1255d72021-12-21 11:28:53.443root 11241100x8000000000000000533052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3c47fe1c5d27062021-12-21 11:28:53.443root 11241100x8000000000000000533053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c214dc3cb2ba4b2021-12-21 11:28:53.443root 11241100x8000000000000000533054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b36c9c12bc2d2252021-12-21 11:28:53.443root 11241100x8000000000000000533055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0ab7dbaeb7833f2021-12-21 11:28:53.443root 11241100x8000000000000000533056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f689dc7358a81abc2021-12-21 11:28:53.443root 11241100x8000000000000000533057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25494f792e682c5b2021-12-21 11:28:53.443root 11241100x8000000000000000533058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ce4ecdfff332fa2021-12-21 11:28:53.942root 11241100x8000000000000000533059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a6af2f311fa022021-12-21 11:28:53.943root 11241100x8000000000000000533060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffd8e60172ec2862021-12-21 11:28:53.943root 11241100x8000000000000000533061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b849b84de5e52c2021-12-21 11:28:53.943root 11241100x8000000000000000533062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cbbe8b55555fbb2021-12-21 11:28:53.943root 11241100x8000000000000000533063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfeefda674e24272021-12-21 11:28:53.943root 11241100x8000000000000000533064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569259695e81daac2021-12-21 11:28:53.943root 11241100x8000000000000000533065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edad64ea357d7af2021-12-21 11:28:53.943root 11241100x8000000000000000533066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8e4bd74a935ff82021-12-21 11:28:53.943root 11241100x8000000000000000533067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b843eff9f722b03b2021-12-21 11:28:53.944root 11241100x8000000000000000533068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a4ea35e89c94722021-12-21 11:28:53.944root 11241100x8000000000000000533069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3da1745263c4b082021-12-21 11:28:54.443root 11241100x8000000000000000533070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e9816d375f6dae2021-12-21 11:28:54.443root 11241100x8000000000000000533071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e4c8ae5d6c08a82021-12-21 11:28:54.443root 11241100x8000000000000000533072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889d61351d5b13b82021-12-21 11:28:54.443root 11241100x8000000000000000533073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189e4fa7764a83132021-12-21 11:28:54.443root 11241100x8000000000000000533074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f62dd17fe695082021-12-21 11:28:54.443root 11241100x8000000000000000533075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a119c76ecfe293d2021-12-21 11:28:54.443root 11241100x8000000000000000533076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b4c5e1b1e9260c2021-12-21 11:28:54.443root 11241100x8000000000000000533077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55742380eb3cb31e2021-12-21 11:28:54.943root 11241100x8000000000000000533078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b45c1fe0db3b7f2021-12-21 11:28:54.943root 11241100x8000000000000000533079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e618c88d1aba3c2021-12-21 11:28:54.943root 11241100x8000000000000000533080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d78ffddd4ef9a22021-12-21 11:28:54.943root 11241100x8000000000000000533081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ed6070acbeb5472021-12-21 11:28:54.943root 11241100x8000000000000000533082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fac2e06bfa7a192021-12-21 11:28:54.943root 11241100x8000000000000000533083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e319902b3b9582021-12-21 11:28:54.943root 11241100x8000000000000000533084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f06ec663bb6d052021-12-21 11:28:54.943root 354300x8000000000000000533085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.034{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48600-false10.0.1.12-8000- 11241100x8000000000000000533086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fcc3d2cf77f6112021-12-21 11:28:55.443root 11241100x8000000000000000533087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10909a3dff0029d62021-12-21 11:28:55.443root 11241100x8000000000000000533088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c814d7aee91c33d2021-12-21 11:28:55.443root 11241100x8000000000000000533089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cf6eb22d2985862021-12-21 11:28:55.443root 11241100x8000000000000000533090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b7f6b1f17355c02021-12-21 11:28:55.443root 11241100x8000000000000000533091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143784fd5bf9b2c62021-12-21 11:28:55.443root 11241100x8000000000000000533092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc571e7c96947c62021-12-21 11:28:55.443root 11241100x8000000000000000533093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdede3a0659bceab2021-12-21 11:28:55.443root 11241100x8000000000000000533094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a73a11a5cae0c82021-12-21 11:28:55.443root 11241100x8000000000000000533095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94147a0c1f5f97e2021-12-21 11:28:55.943root 11241100x8000000000000000533096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cc054e07fdd2ee2021-12-21 11:28:55.943root 11241100x8000000000000000533097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efa160a7d1a9c842021-12-21 11:28:55.943root 11241100x8000000000000000533098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0717c09bd86f082021-12-21 11:28:55.943root 11241100x8000000000000000533099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfbe92b65de27742021-12-21 11:28:55.943root 11241100x8000000000000000533100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceabe14cab2f78402021-12-21 11:28:55.943root 11241100x8000000000000000533101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be29ff1b01235e52021-12-21 11:28:55.943root 11241100x8000000000000000533102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab30eaf3b99ae242021-12-21 11:28:55.943root 11241100x8000000000000000533103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a81f60fad4e73a2021-12-21 11:28:55.943root 11241100x8000000000000000533104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb2d0e40eb367182021-12-21 11:28:56.443root 11241100x8000000000000000533105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2fcf45f360ebbf2021-12-21 11:28:56.443root 11241100x8000000000000000533106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef18171329389542021-12-21 11:28:56.443root 11241100x8000000000000000533107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46916d00b52adb582021-12-21 11:28:56.443root 11241100x8000000000000000533108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da62bf928896b7c62021-12-21 11:28:56.443root 11241100x8000000000000000533109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2667d502dca468952021-12-21 11:28:56.443root 11241100x8000000000000000533110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc528eb44f8ae1cb2021-12-21 11:28:56.443root 11241100x8000000000000000533111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570a9c2f1ddae64c2021-12-21 11:28:56.443root 11241100x8000000000000000533112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e00da5c68a2ab72021-12-21 11:28:56.443root 11241100x8000000000000000533113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c5dc95bb6b54542021-12-21 11:28:56.943root 11241100x8000000000000000533114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72628b7f10d6181b2021-12-21 11:28:56.943root 11241100x8000000000000000533115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f258a91ecc8946b72021-12-21 11:28:56.943root 11241100x8000000000000000533116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ec74e9c1ec48f22021-12-21 11:28:56.943root 11241100x8000000000000000533117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b799350d18898fd82021-12-21 11:28:56.943root 11241100x8000000000000000533118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5cd15d06c3fd122021-12-21 11:28:56.943root 11241100x8000000000000000533119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60cdf907a573e992021-12-21 11:28:56.943root 11241100x8000000000000000533120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4218dcba7850170c2021-12-21 11:28:56.943root 11241100x8000000000000000533121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f32e8c922127e12021-12-21 11:28:56.943root 11241100x8000000000000000533122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce371592013ebc1c2021-12-21 11:28:57.443root 11241100x8000000000000000533123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4d1773ec349d952021-12-21 11:28:57.443root 11241100x8000000000000000533124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2833f679c837faa12021-12-21 11:28:57.443root 11241100x8000000000000000533125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6009e90f2aa8a4252021-12-21 11:28:57.443root 11241100x8000000000000000533126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20b52bf2dfa87782021-12-21 11:28:57.443root 11241100x8000000000000000533127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c7050c380798042021-12-21 11:28:57.443root 11241100x8000000000000000533128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3196cba53bc4e0982021-12-21 11:28:57.443root 11241100x8000000000000000533129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e1d9ab4c3362492021-12-21 11:28:57.443root 11241100x8000000000000000533130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd4ca8b3c49b7912021-12-21 11:28:57.443root 11241100x8000000000000000533131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d86c248fa1fb532021-12-21 11:28:57.943root 11241100x8000000000000000533132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907273d332f2dfaf2021-12-21 11:28:57.943root 11241100x8000000000000000533133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9753f16fa3afa49c2021-12-21 11:28:57.943root 11241100x8000000000000000533134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becbb196bfcea3b02021-12-21 11:28:57.943root 11241100x8000000000000000533135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5939019a22457d2021-12-21 11:28:57.943root 11241100x8000000000000000533136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bb2f9993f1492e2021-12-21 11:28:57.943root 11241100x8000000000000000533137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4c5cc5b24fcf1a2021-12-21 11:28:57.943root 11241100x8000000000000000533138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9261731561ab53c92021-12-21 11:28:57.943root 11241100x8000000000000000533139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce479eb9fe427f9f2021-12-21 11:28:57.943root 11241100x8000000000000000533140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9544f367a8a1a73f2021-12-21 11:28:58.443root 11241100x8000000000000000533141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d9e5e8f05828682021-12-21 11:28:58.443root 11241100x8000000000000000533142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5f675f20e9d0c72021-12-21 11:28:58.443root 11241100x8000000000000000533143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa929535da609662021-12-21 11:28:58.443root 11241100x8000000000000000533144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebae1fcef5b92bb2021-12-21 11:28:58.443root 11241100x8000000000000000533145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565050582a668ce62021-12-21 11:28:58.443root 11241100x8000000000000000533146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf183a2e36b317a2021-12-21 11:28:58.443root 11241100x8000000000000000533147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0df322bc998aad2021-12-21 11:28:58.443root 11241100x8000000000000000533148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815bd74fdb248b972021-12-21 11:28:58.443root 11241100x8000000000000000533149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6fd871cf8091c62021-12-21 11:28:58.943root 11241100x8000000000000000533150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6242eaa3b091b12021-12-21 11:28:58.943root 11241100x8000000000000000533151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87307da455bdeda2021-12-21 11:28:58.943root 11241100x8000000000000000533152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edeac8a08111d542021-12-21 11:28:58.943root 11241100x8000000000000000533153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965175f95a3b8d642021-12-21 11:28:58.944root 11241100x8000000000000000533154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5c3546aa97850b2021-12-21 11:28:58.944root 11241100x8000000000000000533155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc8bdc206439e702021-12-21 11:28:58.944root 11241100x8000000000000000533156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1becde5f54cea4c2021-12-21 11:28:58.944root 11241100x8000000000000000533157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f41cab390d20f82021-12-21 11:28:58.944root 11241100x8000000000000000533158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3712dbb7dec71b1f2021-12-21 11:28:59.443root 11241100x8000000000000000533159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daf85757d336c922021-12-21 11:28:59.443root 11241100x8000000000000000533160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ad5613be9c288b2021-12-21 11:28:59.443root 11241100x8000000000000000533161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eca95f92a25adef2021-12-21 11:28:59.443root 11241100x8000000000000000533162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d1e58ba7bad9432021-12-21 11:28:59.443root 11241100x8000000000000000533163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd7389d3765b4e12021-12-21 11:28:59.443root 11241100x8000000000000000533164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4567123b70cc5932021-12-21 11:28:59.443root 11241100x8000000000000000533165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb66681beae79d12021-12-21 11:28:59.443root 11241100x8000000000000000533166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf712d21ee91e302021-12-21 11:28:59.443root 11241100x8000000000000000533167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2103b3cff9f6b0b92021-12-21 11:28:59.943root 11241100x8000000000000000533168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9530b8237904cfa2021-12-21 11:28:59.943root 11241100x8000000000000000533169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecc026fb59a42602021-12-21 11:28:59.943root 11241100x8000000000000000533170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9325be627ea74cb2021-12-21 11:28:59.943root 11241100x8000000000000000533171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9e09a3f93cb432021-12-21 11:28:59.943root 11241100x8000000000000000533172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2b3e8da18e97312021-12-21 11:28:59.943root 11241100x8000000000000000533173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec320ea213b1632021-12-21 11:28:59.943root 11241100x8000000000000000533174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b88b741d43edd092021-12-21 11:28:59.943root 11241100x8000000000000000533175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611493bf4c0aef102021-12-21 11:28:59.943root 354300x8000000000000000533176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.227{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48602-false10.0.1.12-8000- 11241100x8000000000000000533177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407d6fd00a7a195b2021-12-21 11:29:00.228root 11241100x8000000000000000533178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9106e0b4b8051b3c2021-12-21 11:29:00.228root 11241100x8000000000000000533179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99a65959b572a302021-12-21 11:29:00.228root 11241100x8000000000000000533180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e32393fee8f202021-12-21 11:29:00.228root 11241100x8000000000000000533181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15680874e3761d4b2021-12-21 11:29:00.228root 11241100x8000000000000000533182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73234c2c73e8ab02021-12-21 11:29:00.228root 11241100x8000000000000000533183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910f3f4f05af16072021-12-21 11:29:00.228root 11241100x8000000000000000533184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f1d909fbc327142021-12-21 11:29:00.228root 11241100x8000000000000000533185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3b95aad6bc1a582021-12-21 11:29:00.228root 11241100x8000000000000000533186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e4dbcb75f6b8962021-12-21 11:29:00.229root 11241100x8000000000000000533187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121378c2782b4032021-12-21 11:29:00.693root 11241100x8000000000000000533188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dc789b39eb4f032021-12-21 11:29:00.693root 11241100x8000000000000000533189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cfa61cd07f4ee02021-12-21 11:29:00.693root 11241100x8000000000000000533190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dcc160f7bb76602021-12-21 11:29:00.693root 11241100x8000000000000000533191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd663c59f7ebfff52021-12-21 11:29:00.693root 11241100x8000000000000000533192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c31d227e1e47eb72021-12-21 11:29:00.693root 11241100x8000000000000000533193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec83c4754dfff132021-12-21 11:29:00.693root 11241100x8000000000000000533194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83e2e856e321d262021-12-21 11:29:00.693root 11241100x8000000000000000533195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ef695f1ec411b32021-12-21 11:29:00.693root 11241100x8000000000000000533196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50201f4ffb80df12021-12-21 11:29:00.693root 11241100x8000000000000000533197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb25b28be7e052a2021-12-21 11:29:01.193root 11241100x8000000000000000533198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a53abb5e51eb0f2021-12-21 11:29:01.193root 11241100x8000000000000000533199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25160dffb4eea2612021-12-21 11:29:01.193root 11241100x8000000000000000533200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0734898fcca9872021-12-21 11:29:01.193root 11241100x8000000000000000533201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fad72f7eaceef172021-12-21 11:29:01.194root 11241100x8000000000000000533202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9fc5f5ea5903fc2021-12-21 11:29:01.194root 11241100x8000000000000000533203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcf072f2fc8b4182021-12-21 11:29:01.194root 11241100x8000000000000000533204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24515d3a3d45dca62021-12-21 11:29:01.194root 11241100x8000000000000000533205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e6fd12a643187c2021-12-21 11:29:01.194root 11241100x8000000000000000533206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1cad12463d2c7c2021-12-21 11:29:01.194root 11241100x8000000000000000533207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fd1d1a1f6bcbdf2021-12-21 11:29:01.693root 11241100x8000000000000000533208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d55ed7f319a8f262021-12-21 11:29:01.693root 11241100x8000000000000000533209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c256eac1a5c61f2021-12-21 11:29:01.693root 11241100x8000000000000000533210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08617ee647a20d62021-12-21 11:29:01.693root 11241100x8000000000000000533211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443cbb0aee0dc1202021-12-21 11:29:01.693root 11241100x8000000000000000533212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9a73be3e9ffb842021-12-21 11:29:01.693root 11241100x8000000000000000533213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3d57c6c3030ccf2021-12-21 11:29:01.693root 11241100x8000000000000000533214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3803f36fcbf0a5c52021-12-21 11:29:01.693root 11241100x8000000000000000533215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c87712bdb4a3e62021-12-21 11:29:01.693root 11241100x8000000000000000533216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715562b393e0cb8f2021-12-21 11:29:01.694root 11241100x8000000000000000533217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad086c65228baac72021-12-21 11:29:02.193root 11241100x8000000000000000533218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545e86a5a506ae7c2021-12-21 11:29:02.193root 11241100x8000000000000000533219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc20126ce67b8c162021-12-21 11:29:02.193root 11241100x8000000000000000533220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc34679c2ac34baf2021-12-21 11:29:02.193root 11241100x8000000000000000533221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1370366b21c7280d2021-12-21 11:29:02.193root 11241100x8000000000000000533222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd723a886bbe3d1b2021-12-21 11:29:02.193root 11241100x8000000000000000533223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862c80a8fb40478b2021-12-21 11:29:02.193root 11241100x8000000000000000533224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9a9dadcda064602021-12-21 11:29:02.193root 11241100x8000000000000000533225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8e68bfc4c34f212021-12-21 11:29:02.193root 11241100x8000000000000000533226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2850d9c5a3d0832021-12-21 11:29:02.193root 11241100x8000000000000000533227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7a8ed7f6df5fdc2021-12-21 11:29:02.693root 11241100x8000000000000000533228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e109e4fe33da3b42021-12-21 11:29:02.693root 11241100x8000000000000000533229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b9ee6eb8889f0a2021-12-21 11:29:02.693root 11241100x8000000000000000533230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7007716cd4a7c66e2021-12-21 11:29:02.693root 11241100x8000000000000000533231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0d2b72478e392d2021-12-21 11:29:02.693root 11241100x8000000000000000533232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5dcd10343934142021-12-21 11:29:02.693root 11241100x8000000000000000533233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fd8cdbd3c72a6f2021-12-21 11:29:02.693root 11241100x8000000000000000533234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda51ed8349db2792021-12-21 11:29:02.693root 11241100x8000000000000000533235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a6fdf1c1e099042021-12-21 11:29:02.693root 11241100x8000000000000000533236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f972dd43244853d22021-12-21 11:29:02.693root 11241100x8000000000000000533237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7876f1b64eef422021-12-21 11:29:03.193root 11241100x8000000000000000533238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90f07c76c87cb062021-12-21 11:29:03.193root 11241100x8000000000000000533239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ac907ef412c71e2021-12-21 11:29:03.193root 11241100x8000000000000000533240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebfa6a0b2f680222021-12-21 11:29:03.193root 11241100x8000000000000000533241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861b30a60f6973682021-12-21 11:29:03.193root 11241100x8000000000000000533242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f6de454182f4e02021-12-21 11:29:03.193root 11241100x8000000000000000533243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc4bbfb52cc9d5c2021-12-21 11:29:03.193root 11241100x8000000000000000533244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9361415a15e1c9d2021-12-21 11:29:03.193root 11241100x8000000000000000533245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b8c86e58cf83352021-12-21 11:29:03.193root 11241100x8000000000000000533246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f124fdce96e7824c2021-12-21 11:29:03.193root 11241100x8000000000000000533247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d9721792051ec82021-12-21 11:29:03.693root 11241100x8000000000000000533248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fce44f91dbae7c2021-12-21 11:29:03.693root 11241100x8000000000000000533249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e014594728d7312021-12-21 11:29:03.693root 11241100x8000000000000000533250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18247c98ed6620b2021-12-21 11:29:03.693root 11241100x8000000000000000533251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9313da2e33d5b3d2021-12-21 11:29:03.693root 11241100x8000000000000000533252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895d772971ba4d052021-12-21 11:29:03.693root 11241100x8000000000000000533253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7177cd59384a66762021-12-21 11:29:03.693root 11241100x8000000000000000533254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a365751058c15952021-12-21 11:29:03.693root 11241100x8000000000000000533255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e01b15e9e8b521a2021-12-21 11:29:03.693root 11241100x8000000000000000533256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fabd0c6ec308b0a2021-12-21 11:29:03.693root 11241100x8000000000000000533257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddcca5690f935a72021-12-21 11:29:04.193root 11241100x8000000000000000533258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b81bd78edadb7e32021-12-21 11:29:04.193root 11241100x8000000000000000533259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3b18c463ecd66c2021-12-21 11:29:04.193root 11241100x8000000000000000533260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc7e3cfa7d86c052021-12-21 11:29:04.193root 11241100x8000000000000000533261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f778e09990e0e702021-12-21 11:29:04.193root 11241100x8000000000000000533262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701dca039fd937ed2021-12-21 11:29:04.193root 11241100x8000000000000000533263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f904edcb1f1f32c2021-12-21 11:29:04.193root 11241100x8000000000000000533264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea46b96d5016ca4d2021-12-21 11:29:04.193root 11241100x8000000000000000533265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705b773dc49446ab2021-12-21 11:29:04.194root 11241100x8000000000000000533266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387269a88824c1332021-12-21 11:29:04.194root 11241100x8000000000000000533267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f5c10c74b8e7eb2021-12-21 11:29:04.693root 11241100x8000000000000000533268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba403e041bcf8cc2021-12-21 11:29:04.693root 11241100x8000000000000000533269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a02a8ee7bccb952021-12-21 11:29:04.693root 11241100x8000000000000000533270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e162a5379eaff62021-12-21 11:29:04.693root 11241100x8000000000000000533271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c552478af53379832021-12-21 11:29:04.694root 11241100x8000000000000000533272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2875e0728fc1272021-12-21 11:29:04.694root 11241100x8000000000000000533273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1461caca3300f6ba2021-12-21 11:29:04.694root 11241100x8000000000000000533274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bb21c661715ed72021-12-21 11:29:04.694root 11241100x8000000000000000533275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3f27ca124443e2021-12-21 11:29:04.694root 11241100x8000000000000000533276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6396c4f3fe499a632021-12-21 11:29:04.694root 534500x8000000000000000533277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.067{00000000-0000-0000-0000-000000000000}9861<unknown process>root 11241100x8000000000000000533278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a83b095359c1bef2021-12-21 11:29:05.068root 11241100x8000000000000000533279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a9ea8ec33ec37f2021-12-21 11:29:05.068root 11241100x8000000000000000533280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c670c84e6d54092021-12-21 11:29:05.068root 11241100x8000000000000000533281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81440c0039b147d82021-12-21 11:29:05.069root 11241100x8000000000000000533282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014ad464121652eb2021-12-21 11:29:05.069root 11241100x8000000000000000533283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b78e943acb3f4b2021-12-21 11:29:05.069root 11241100x8000000000000000533284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50b496fe46f8e492021-12-21 11:29:05.069root 11241100x8000000000000000533285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f62af16d7e4c882021-12-21 11:29:05.069root 11241100x8000000000000000533286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71862ca10a0d9b192021-12-21 11:29:05.069root 11241100x8000000000000000533287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675805c347dde6382021-12-21 11:29:05.069root 11241100x8000000000000000533288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5294f971ca39342021-12-21 11:29:05.070root 11241100x8000000000000000533289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5ad90b7cea1d192021-12-21 11:29:05.443root 11241100x8000000000000000533290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52fc62511546c002021-12-21 11:29:05.443root 11241100x8000000000000000533291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa2454b6a8a271b2021-12-21 11:29:05.443root 11241100x8000000000000000533292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c375d63738031fb2021-12-21 11:29:05.443root 11241100x8000000000000000533293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81263639e0afeae12021-12-21 11:29:05.443root 11241100x8000000000000000533294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd2fa6a259b92b92021-12-21 11:29:05.443root 11241100x8000000000000000533295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414590087ad4d6f22021-12-21 11:29:05.443root 11241100x8000000000000000533296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f551257e24b2822021-12-21 11:29:05.443root 11241100x8000000000000000533297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caa9c0a420b07a62021-12-21 11:29:05.443root 11241100x8000000000000000533298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23cf6ba656f29062021-12-21 11:29:05.443root 11241100x8000000000000000533299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b66fabbae83eb2021-12-21 11:29:05.444root 11241100x8000000000000000533300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc41e6d5483f4062021-12-21 11:29:05.943root 11241100x8000000000000000533301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991dd0a3392c07562021-12-21 11:29:05.943root 11241100x8000000000000000533302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500a7bc035a4d5c02021-12-21 11:29:05.943root 11241100x8000000000000000533303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c2fd2a3d5b5b172021-12-21 11:29:05.943root 11241100x8000000000000000533304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e820c1d827a3edec2021-12-21 11:29:05.943root 11241100x8000000000000000533305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23c13588696048a2021-12-21 11:29:05.943root 11241100x8000000000000000533306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726b84bc5e6e0f6d2021-12-21 11:29:05.943root 11241100x8000000000000000533307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbc0884270a76f72021-12-21 11:29:05.944root 11241100x8000000000000000533308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e91d23d0e13f732021-12-21 11:29:05.944root 11241100x8000000000000000533309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6692a85f24d73fbe2021-12-21 11:29:05.944root 11241100x8000000000000000533310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df0bee336890e362021-12-21 11:29:05.944root 354300x8000000000000000533311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.113{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48604-false10.0.1.12-8000- 11241100x8000000000000000533312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:29:06.327root 11241100x8000000000000000533313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2591642e3fb8b92021-12-21 11:29:06.328root 11241100x8000000000000000533314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f618e8013c21182021-12-21 11:29:06.328root 11241100x8000000000000000533315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9976b9d51696c38f2021-12-21 11:29:06.328root 11241100x8000000000000000533316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cde879acd967e912021-12-21 11:29:06.328root 11241100x8000000000000000533317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1624f46518e652ed2021-12-21 11:29:06.329root 11241100x8000000000000000533318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba88dd697271d912021-12-21 11:29:06.329root 11241100x8000000000000000533319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93df722d8c57061e2021-12-21 11:29:06.329root 11241100x8000000000000000533320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e5851f157684942021-12-21 11:29:06.329root 11241100x8000000000000000533321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27644fe3074736bd2021-12-21 11:29:06.329root 11241100x8000000000000000533322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f54f6716962fd2d2021-12-21 11:29:06.329root 11241100x8000000000000000533323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8a225f19566bb42021-12-21 11:29:06.329root 11241100x8000000000000000533324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24a4a837481ed002021-12-21 11:29:06.329root 11241100x8000000000000000533325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191c7f32039bd4422021-12-21 11:29:06.693root 11241100x8000000000000000533326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa49f9828b91bcf2021-12-21 11:29:06.693root 11241100x8000000000000000533327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d95983b13ff56e2021-12-21 11:29:06.693root 11241100x8000000000000000533328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15205dffd4fb8af02021-12-21 11:29:06.693root 11241100x8000000000000000533329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901bf7518d2226222021-12-21 11:29:06.693root 11241100x8000000000000000533330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5ef44f8ed4b1642021-12-21 11:29:06.694root 11241100x8000000000000000533331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3fd8e18f0d52e62021-12-21 11:29:06.694root 11241100x8000000000000000533332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1575b46862f672021-12-21 11:29:06.694root 11241100x8000000000000000533333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123a3833e6abde062021-12-21 11:29:06.694root 11241100x8000000000000000533334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83784bf35e274c852021-12-21 11:29:06.694root 11241100x8000000000000000533335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981502f7f1716dc02021-12-21 11:29:06.694root 11241100x8000000000000000533336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e6c1e66f499e812021-12-21 11:29:06.694root 11241100x8000000000000000533337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce7b00e2155001b2021-12-21 11:29:06.694root 11241100x8000000000000000533338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ad4b7323e3e4e12021-12-21 11:29:07.193root 11241100x8000000000000000533339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491b95543ef651982021-12-21 11:29:07.193root 11241100x8000000000000000533340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f55b6f91b3a122021-12-21 11:29:07.193root 11241100x8000000000000000533341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e4a92670777fc02021-12-21 11:29:07.193root 11241100x8000000000000000533342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62659d9ea7cd9e42021-12-21 11:29:07.193root 11241100x8000000000000000533343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeedc5099bcf8c242021-12-21 11:29:07.193root 11241100x8000000000000000533344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef881e4a14dec9e2021-12-21 11:29:07.193root 11241100x8000000000000000533345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbc1895ff8fdcc92021-12-21 11:29:07.193root 11241100x8000000000000000533346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5961b438b3688e2f2021-12-21 11:29:07.194root 11241100x8000000000000000533347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b5d1afcfa6489c2021-12-21 11:29:07.194root 11241100x8000000000000000533348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9012024ef5fe3fc22021-12-21 11:29:07.194root 11241100x8000000000000000533349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc4d90491212e52021-12-21 11:29:07.194root 11241100x8000000000000000533350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79cd5f25d0229aa2021-12-21 11:29:07.194root 11241100x8000000000000000533351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb1d689309ffb142021-12-21 11:29:07.693root 11241100x8000000000000000533352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fabba9333fdf922021-12-21 11:29:07.693root 11241100x8000000000000000533353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd2cfd2c27b5dad2021-12-21 11:29:07.693root 11241100x8000000000000000533354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da635b6f2e9c6a3b2021-12-21 11:29:07.693root 11241100x8000000000000000533355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459ce25c95dc7f822021-12-21 11:29:07.693root 11241100x8000000000000000533356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2b4be4fbf4303d2021-12-21 11:29:07.693root 11241100x8000000000000000533357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86e7bb745fa5d0f2021-12-21 11:29:07.694root 11241100x8000000000000000533358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bf27e3dc570e3c2021-12-21 11:29:07.694root 11241100x8000000000000000533359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b07bca4cdf8c9c2021-12-21 11:29:07.694root 11241100x8000000000000000533360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bbbb1bd5d535152021-12-21 11:29:07.694root 11241100x8000000000000000533361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e7f45c7c5928292021-12-21 11:29:07.695root 11241100x8000000000000000533362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495ca5f8a3cf1ca62021-12-21 11:29:07.695root 11241100x8000000000000000533363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7634f01558c5bfd72021-12-21 11:29:07.695root 11241100x8000000000000000533364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eace6348143dfa102021-12-21 11:29:08.193root 11241100x8000000000000000533365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ef2c773c5c73ec2021-12-21 11:29:08.193root 11241100x8000000000000000533366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eacf934ea07fe662021-12-21 11:29:08.193root 11241100x8000000000000000533367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1703b303bf82d62021-12-21 11:29:08.194root 11241100x8000000000000000533368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5625b5439ddcd3c92021-12-21 11:29:08.194root 11241100x8000000000000000533369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6feffcd058b0ce2021-12-21 11:29:08.194root 11241100x8000000000000000533370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8918f4c1e7bedd302021-12-21 11:29:08.194root 11241100x8000000000000000533371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf0f5cc38449f642021-12-21 11:29:08.194root 11241100x8000000000000000533372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4da3b37c3981d292021-12-21 11:29:08.194root 11241100x8000000000000000533373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a09ccf6ea2fcd62021-12-21 11:29:08.194root 11241100x8000000000000000533374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892d6891c56968a62021-12-21 11:29:08.194root 11241100x8000000000000000533375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a3c70c4986b80e2021-12-21 11:29:08.195root 11241100x8000000000000000533376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8ea5a35963d51b2021-12-21 11:29:08.195root 11241100x8000000000000000533377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca85454910fed7ae2021-12-21 11:29:08.693root 11241100x8000000000000000533378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc215359ccc230a22021-12-21 11:29:08.693root 11241100x8000000000000000533379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c0c899dbcdc6ef2021-12-21 11:29:08.693root 11241100x8000000000000000533380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c9c26db13f07b12021-12-21 11:29:08.693root 11241100x8000000000000000533381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214c2d78375f33092021-12-21 11:29:08.693root 11241100x8000000000000000533382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c04e272a3cbf152021-12-21 11:29:08.694root 11241100x8000000000000000533383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7e5be94b9dde272021-12-21 11:29:08.694root 11241100x8000000000000000533384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7196fe806b5288ff2021-12-21 11:29:08.694root 11241100x8000000000000000533385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4fcd400dabe9aa2021-12-21 11:29:08.694root 11241100x8000000000000000533386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f294aecd67eeef842021-12-21 11:29:08.694root 11241100x8000000000000000533387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c790808db955482021-12-21 11:29:08.694root 11241100x8000000000000000533388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190b3a7c94603da52021-12-21 11:29:08.694root 11241100x8000000000000000533389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5686899cd27a26f2021-12-21 11:29:08.694root 11241100x8000000000000000533390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632de1acfed47d992021-12-21 11:29:09.193root 11241100x8000000000000000533391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfacd8e4d76e1952021-12-21 11:29:09.193root 11241100x8000000000000000533392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8cf98237f50b102021-12-21 11:29:09.193root 11241100x8000000000000000533393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0956565f9cfa2cc2021-12-21 11:29:09.193root 11241100x8000000000000000533394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d764749f189c752021-12-21 11:29:09.193root 11241100x8000000000000000533395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a770cf47a9d62cdc2021-12-21 11:29:09.193root 11241100x8000000000000000533396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a907302cbd6e722021-12-21 11:29:09.193root 11241100x8000000000000000533397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448bfcc15f1e80bf2021-12-21 11:29:09.193root 11241100x8000000000000000533398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31407d76fb7c25ff2021-12-21 11:29:09.193root 11241100x8000000000000000533399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4907b438cce3412021-12-21 11:29:09.194root 11241100x8000000000000000533400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a306bdefda793f412021-12-21 11:29:09.194root 11241100x8000000000000000533401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84f907fbd1b87152021-12-21 11:29:09.194root 11241100x8000000000000000533402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436b9634e30982662021-12-21 11:29:09.194root 23542300x8000000000000000533403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000533404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cd1ec5b6ffa4b12021-12-21 11:29:09.693root 11241100x8000000000000000533405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798b1d34b55fd32c2021-12-21 11:29:09.693root 11241100x8000000000000000533406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d6c31affe76e192021-12-21 11:29:09.693root 11241100x8000000000000000533407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3640c2e1204eb0c62021-12-21 11:29:09.693root 11241100x8000000000000000533408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91c13a47eb73ef22021-12-21 11:29:09.693root 11241100x8000000000000000533409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9296f7057b3de94b2021-12-21 11:29:09.693root 11241100x8000000000000000533410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f0719426f19b3a2021-12-21 11:29:09.693root 11241100x8000000000000000533411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e33cd675482f682021-12-21 11:29:09.693root 11241100x8000000000000000533412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bde3b35a7a76552021-12-21 11:29:09.694root 11241100x8000000000000000533413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d099c69e3aa320432021-12-21 11:29:09.694root 11241100x8000000000000000533414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08941a16ffda32aa2021-12-21 11:29:09.694root 11241100x8000000000000000533415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338643c28fd2fbab2021-12-21 11:29:09.694root 11241100x8000000000000000533416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee73c58611c1a2e2021-12-21 11:29:09.694root 11241100x8000000000000000533417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dfca19185a35f62021-12-21 11:29:09.694root 11241100x8000000000000000533418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3295a0b89fc37ce2021-12-21 11:29:10.193root 11241100x8000000000000000533419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d996e0c7b74e762021-12-21 11:29:10.193root 11241100x8000000000000000533420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff25179ae09e056e2021-12-21 11:29:10.193root 11241100x8000000000000000533421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c98de9de8a9ec72021-12-21 11:29:10.193root 11241100x8000000000000000533422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3ba1efee04498f2021-12-21 11:29:10.193root 11241100x8000000000000000533423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bd49ce2a8739b72021-12-21 11:29:10.193root 11241100x8000000000000000533424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f828e5d41c25e0f2021-12-21 11:29:10.193root 11241100x8000000000000000533425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a82319203c368ad2021-12-21 11:29:10.193root 11241100x8000000000000000533426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e4c78e591978ca2021-12-21 11:29:10.194root 11241100x8000000000000000533427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da138f44a3a10ff12021-12-21 11:29:10.194root 11241100x8000000000000000533428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b24ba115304c002021-12-21 11:29:10.194root 11241100x8000000000000000533429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa0af1e320093762021-12-21 11:29:10.194root 11241100x8000000000000000533430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496a4440eac96dd32021-12-21 11:29:10.194root 11241100x8000000000000000533431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4646f559a9fa9b682021-12-21 11:29:10.194root 11241100x8000000000000000533432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cf9acf2cbd35de2021-12-21 11:29:10.693root 11241100x8000000000000000533433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecae5c36e63ea06c2021-12-21 11:29:10.693root 11241100x8000000000000000533434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440c055f4ba36dc82021-12-21 11:29:10.693root 11241100x8000000000000000533435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7d9076dbc3a0802021-12-21 11:29:10.693root 11241100x8000000000000000533436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7473007fc683016a2021-12-21 11:29:10.693root 11241100x8000000000000000533437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3fb7d926b6e83d2021-12-21 11:29:10.693root 11241100x8000000000000000533438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fa9c59ab4f2bf22021-12-21 11:29:10.693root 11241100x8000000000000000533439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75598f01e78fd6b42021-12-21 11:29:10.693root 11241100x8000000000000000533440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8fd3a7a933f06f2021-12-21 11:29:10.693root 11241100x8000000000000000533441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9fe06cb730544b2021-12-21 11:29:10.694root 11241100x8000000000000000533442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d8d4f762e08fcb2021-12-21 11:29:10.694root 11241100x8000000000000000533443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4418bb0ff70cba2021-12-21 11:29:10.694root 11241100x8000000000000000533444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0549b3216031782021-12-21 11:29:10.694root 11241100x8000000000000000533445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d183c189f844f30a2021-12-21 11:29:10.694root 354300x8000000000000000533446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.146{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48606-false10.0.1.12-8000- 11241100x8000000000000000533447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a699f58992e2248e2021-12-21 11:29:11.147root 11241100x8000000000000000533448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a878f0ed72d3411f2021-12-21 11:29:11.147root 11241100x8000000000000000533449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68661ea503133de2021-12-21 11:29:11.147root 11241100x8000000000000000533450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabe988a82946cf82021-12-21 11:29:11.147root 11241100x8000000000000000533451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efd1f03611178132021-12-21 11:29:11.147root 11241100x8000000000000000533452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b761fb19608a702021-12-21 11:29:11.147root 11241100x8000000000000000533453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3a36807f6fecaf2021-12-21 11:29:11.147root 11241100x8000000000000000533454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3580d76b2d42e32021-12-21 11:29:11.148root 11241100x8000000000000000533455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be2e28fd8ef9c0d2021-12-21 11:29:11.148root 11241100x8000000000000000533456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d26996450780142021-12-21 11:29:11.148root 11241100x8000000000000000533457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7075700823e79a02021-12-21 11:29:11.148root 11241100x8000000000000000533458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bf86bcf4a8bd702021-12-21 11:29:11.148root 11241100x8000000000000000533459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f930e09a3d5a3dd2021-12-21 11:29:11.149root 11241100x8000000000000000533460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57509934fcb93912021-12-21 11:29:11.149root 11241100x8000000000000000533461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c6e59584cb802c2021-12-21 11:29:11.149root 11241100x8000000000000000533462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0d96b4d289b98e2021-12-21 11:29:11.151root 11241100x8000000000000000533463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790abd0495b59f8a2021-12-21 11:29:11.152root 11241100x8000000000000000533464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a14e6ec224a86822021-12-21 11:29:11.443root 11241100x8000000000000000533465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8d86f943a219a02021-12-21 11:29:11.443root 11241100x8000000000000000533466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b043b192d5781ccd2021-12-21 11:29:11.443root 11241100x8000000000000000533467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb65d4361ab348442021-12-21 11:29:11.443root 11241100x8000000000000000533468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c631fcade825e872021-12-21 11:29:11.443root 11241100x8000000000000000533469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8985d44e14b2c3a32021-12-21 11:29:11.444root 11241100x8000000000000000533470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3054b1a032be48bf2021-12-21 11:29:11.444root 11241100x8000000000000000533471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff36be2d623a0c2021-12-21 11:29:11.444root 11241100x8000000000000000533472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802105316ce6aca72021-12-21 11:29:11.444root 11241100x8000000000000000533473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94182c0b03fa6acb2021-12-21 11:29:11.444root 11241100x8000000000000000533474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0eb0de727dcc7c2021-12-21 11:29:11.444root 11241100x8000000000000000533475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b192e7423881bfad2021-12-21 11:29:11.444root 11241100x8000000000000000533476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2e0ac7c2edf5172021-12-21 11:29:11.444root 11241100x8000000000000000533477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297ca569fc722432021-12-21 11:29:11.444root 11241100x8000000000000000533478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0d61cd0139c1d62021-12-21 11:29:11.444root 11241100x8000000000000000533479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ff43bf6b4f12ca2021-12-21 11:29:11.943root 11241100x8000000000000000533480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae4da99eb93daae2021-12-21 11:29:11.944root 11241100x8000000000000000533481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dcabfb3a35b72d2021-12-21 11:29:11.944root 11241100x8000000000000000533482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181444acf8a8720a2021-12-21 11:29:11.944root 11241100x8000000000000000533483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c49d31d14bac1522021-12-21 11:29:11.944root 11241100x8000000000000000533484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21b190a1d8306c72021-12-21 11:29:11.944root 11241100x8000000000000000533485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d9801df2357e772021-12-21 11:29:11.944root 11241100x8000000000000000533486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4405f19681c663d2021-12-21 11:29:11.944root 11241100x8000000000000000533487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7655f94f96cc3b212021-12-21 11:29:11.944root 11241100x8000000000000000533488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2a3ae8a8b039df2021-12-21 11:29:11.944root 11241100x8000000000000000533489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0d7bf4bd2f68e82021-12-21 11:29:11.944root 11241100x8000000000000000533490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2089c24e1a5cf462021-12-21 11:29:11.944root 11241100x8000000000000000533491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3517f4ce772486aa2021-12-21 11:29:11.944root 11241100x8000000000000000533492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35edbfc22e33aec2021-12-21 11:29:11.944root 11241100x8000000000000000533493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1289f8aedb4849932021-12-21 11:29:11.945root 11241100x8000000000000000533494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50222e60236c36d52021-12-21 11:29:12.443root 11241100x8000000000000000533495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f491996ded2e2af2021-12-21 11:29:12.443root 11241100x8000000000000000533496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d792093a461332b02021-12-21 11:29:12.443root 11241100x8000000000000000533497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7160b3a9b9140f2021-12-21 11:29:12.443root 11241100x8000000000000000533498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7684d4a5fe70cfd52021-12-21 11:29:12.443root 11241100x8000000000000000533499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813738844e0e3f282021-12-21 11:29:12.444root 11241100x8000000000000000533500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a6b9cf320d711e2021-12-21 11:29:12.444root 11241100x8000000000000000533501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23996c8af0509ef2021-12-21 11:29:12.444root 11241100x8000000000000000533502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e66e2cec06ed4152021-12-21 11:29:12.444root 11241100x8000000000000000533503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfef623e31e7e212021-12-21 11:29:12.444root 11241100x8000000000000000533504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9ad7b9f59b2bbe2021-12-21 11:29:12.444root 11241100x8000000000000000533505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850f6add8d57da642021-12-21 11:29:12.444root 11241100x8000000000000000533506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e770aa333f653222021-12-21 11:29:12.444root 11241100x8000000000000000533507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db5a890c54b39092021-12-21 11:29:12.445root 11241100x8000000000000000533508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1a0386c71b48f02021-12-21 11:29:12.445root 11241100x8000000000000000533509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57db91a4c098233c2021-12-21 11:29:12.445root 11241100x8000000000000000533510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17220d80168965ff2021-12-21 11:29:12.943root 11241100x8000000000000000533511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826f568e9ead148c2021-12-21 11:29:12.943root 11241100x8000000000000000533512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e865e8453c6946b22021-12-21 11:29:12.943root 11241100x8000000000000000533513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9580aa92d69cef2021-12-21 11:29:12.943root 11241100x8000000000000000533514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cedbd2eeb941f92021-12-21 11:29:12.943root 11241100x8000000000000000533515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3e3fd8d0b5e91f2021-12-21 11:29:12.943root 11241100x8000000000000000533516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef930450915e45e22021-12-21 11:29:12.943root 11241100x8000000000000000533517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1450328f52f23b152021-12-21 11:29:12.944root 11241100x8000000000000000533518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2d10bc950f92692021-12-21 11:29:12.944root 11241100x8000000000000000533519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54e6ca24c5a86f2021-12-21 11:29:12.944root 11241100x8000000000000000533520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3349436ef6b82d2021-12-21 11:29:12.944root 11241100x8000000000000000533521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc95ef30b717accb2021-12-21 11:29:12.944root 11241100x8000000000000000533522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20d01634f9bf39c2021-12-21 11:29:12.944root 11241100x8000000000000000533523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ba6e566622a3562021-12-21 11:29:12.944root 11241100x8000000000000000533524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f024fd7f73c46042021-12-21 11:29:12.944root 11241100x8000000000000000533525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2535a94bf47110742021-12-21 11:29:13.443root 11241100x8000000000000000533526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f6b7b527c6bb32021-12-21 11:29:13.443root 11241100x8000000000000000533527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c1a2924cd4c6f72021-12-21 11:29:13.443root 11241100x8000000000000000533528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb62be83b2a93e5c2021-12-21 11:29:13.443root 11241100x8000000000000000533529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e1651aff21ab22021-12-21 11:29:13.443root 11241100x8000000000000000533530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1b45cf49398c1d2021-12-21 11:29:13.443root 11241100x8000000000000000533531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a7ffdb03a744e02021-12-21 11:29:13.444root 11241100x8000000000000000533532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f8660163491102021-12-21 11:29:13.444root 11241100x8000000000000000533533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ac5500fe5c2b7c2021-12-21 11:29:13.444root 11241100x8000000000000000533534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05420ad776fb86892021-12-21 11:29:13.444root 11241100x8000000000000000533535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93582c5bca7e6ae2021-12-21 11:29:13.444root 11241100x8000000000000000533536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300f74edf011e10c2021-12-21 11:29:13.444root 11241100x8000000000000000533537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aab16035340a1402021-12-21 11:29:13.444root 11241100x8000000000000000533538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a34046bcbefa53b2021-12-21 11:29:13.444root 11241100x8000000000000000533539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f0184cbee434672021-12-21 11:29:13.444root 11241100x8000000000000000533540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229122e67f372f9f2021-12-21 11:29:13.943root 11241100x8000000000000000533541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9169f0962172aa372021-12-21 11:29:13.944root 11241100x8000000000000000533542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24aab41de4ec4b6a2021-12-21 11:29:13.944root 11241100x8000000000000000533543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376da7e0b86d06852021-12-21 11:29:13.944root 11241100x8000000000000000533544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9a279f28c7db2c2021-12-21 11:29:13.944root 11241100x8000000000000000533545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aec7d74a17077c52021-12-21 11:29:13.944root 11241100x8000000000000000533546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2551cd5f99c62cbd2021-12-21 11:29:13.944root 11241100x8000000000000000533547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce1cf3ff27f3e252021-12-21 11:29:13.945root 11241100x8000000000000000533548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a9be0c69af07e52021-12-21 11:29:13.945root 11241100x8000000000000000533549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d0a901ce2dac9b2021-12-21 11:29:13.945root 11241100x8000000000000000533550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99f8af641cea81f2021-12-21 11:29:13.945root 11241100x8000000000000000533551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c36c2f0ca40dfd2021-12-21 11:29:13.945root 11241100x8000000000000000533552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9d29b32265433d2021-12-21 11:29:13.946root 11241100x8000000000000000533553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4de390539b6ade2021-12-21 11:29:13.946root 11241100x8000000000000000533554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1dc608801b85c22021-12-21 11:29:13.946root 11241100x8000000000000000533555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ed94a3a04771372021-12-21 11:29:14.443root 11241100x8000000000000000533556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7847c85c3b619cd62021-12-21 11:29:14.443root 11241100x8000000000000000533557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defed371cd72c9d32021-12-21 11:29:14.443root 11241100x8000000000000000533558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668af500261839d52021-12-21 11:29:14.443root 11241100x8000000000000000533559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b6f49a5a4600aa2021-12-21 11:29:14.443root 11241100x8000000000000000533560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5208cb73613cd8b02021-12-21 11:29:14.443root 11241100x8000000000000000533561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3f314f206e35202021-12-21 11:29:14.443root 11241100x8000000000000000533562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c975bdd5bf0b642021-12-21 11:29:14.443root 11241100x8000000000000000533563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534d6e98fa59b5042021-12-21 11:29:14.443root 11241100x8000000000000000533564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175311971136712a2021-12-21 11:29:14.443root 11241100x8000000000000000533565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6415e73c95efdbf2021-12-21 11:29:14.444root 11241100x8000000000000000533566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b309f57638f754842021-12-21 11:29:14.444root 11241100x8000000000000000533567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0a940acc4201502021-12-21 11:29:14.444root 11241100x8000000000000000533568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a5e2816423735a2021-12-21 11:29:14.444root 11241100x8000000000000000533569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a59f509aca4cf862021-12-21 11:29:14.444root 11241100x8000000000000000533570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4264d629f3d544b2021-12-21 11:29:14.943root 11241100x8000000000000000533571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa9338f446dcc452021-12-21 11:29:14.943root 11241100x8000000000000000533572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c7b1b4006a0d4b2021-12-21 11:29:14.943root 11241100x8000000000000000533573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15e68216b6762f72021-12-21 11:29:14.943root 11241100x8000000000000000533574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d5c0acbf2ae3d02021-12-21 11:29:14.943root 11241100x8000000000000000533575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8127b824d38313bb2021-12-21 11:29:14.944root 11241100x8000000000000000533576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9faa0f6876cf6282021-12-21 11:29:14.944root 11241100x8000000000000000533577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08acbe9aa7bb21e42021-12-21 11:29:14.944root 11241100x8000000000000000533578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dfaa0be7fce8c92021-12-21 11:29:14.944root 11241100x8000000000000000533579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ac9e455274c182021-12-21 11:29:14.944root 11241100x8000000000000000533580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a446a749bf5e6b2021-12-21 11:29:14.944root 11241100x8000000000000000533581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e45c2a6c58d2cd2021-12-21 11:29:14.944root 11241100x8000000000000000533582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbaa4162ecff2e02021-12-21 11:29:14.944root 11241100x8000000000000000533583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ffd7caf393d6622021-12-21 11:29:14.944root 11241100x8000000000000000533584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21fdd42757c29a12021-12-21 11:29:14.945root 11241100x8000000000000000533585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edeb4ecc22589d802021-12-21 11:29:15.443root 11241100x8000000000000000533586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a623362310da432021-12-21 11:29:15.443root 11241100x8000000000000000533587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f27d46b2cf7a83a2021-12-21 11:29:15.444root 11241100x8000000000000000533588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee7f0ba8909ef6b2021-12-21 11:29:15.444root 11241100x8000000000000000533589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20de12870b6a1bb2021-12-21 11:29:15.444root 11241100x8000000000000000533590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a7f7843b83754c2021-12-21 11:29:15.444root 11241100x8000000000000000533591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf77fb9c0661f8d2021-12-21 11:29:15.444root 11241100x8000000000000000533592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa1a5fee54495142021-12-21 11:29:15.445root 11241100x8000000000000000533593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bf1024ee2c30502021-12-21 11:29:15.445root 11241100x8000000000000000533594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dde9219f22d6302021-12-21 11:29:15.445root 11241100x8000000000000000533595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a523f3072436ca12021-12-21 11:29:15.445root 11241100x8000000000000000533596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac17007017e2b9b2021-12-21 11:29:15.445root 11241100x8000000000000000533597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c9d816b0f212b92021-12-21 11:29:15.445root 11241100x8000000000000000533598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86e33593c2c9b942021-12-21 11:29:15.446root 11241100x8000000000000000533599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef4225c26a9238f2021-12-21 11:29:15.446root 11241100x8000000000000000533600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbe69c7e90a2a2b2021-12-21 11:29:15.943root 11241100x8000000000000000533601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c6367077153cee2021-12-21 11:29:15.943root 11241100x8000000000000000533602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb616037a79fd6782021-12-21 11:29:15.943root 11241100x8000000000000000533603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333150efa5dfadb12021-12-21 11:29:15.943root 11241100x8000000000000000533604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa718e2e950fb5f2021-12-21 11:29:15.943root 11241100x8000000000000000533605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bdb39f032b2aeb2021-12-21 11:29:15.943root 11241100x8000000000000000533606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121e4b3fb75032132021-12-21 11:29:15.943root 11241100x8000000000000000533607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e908e523416c39512021-12-21 11:29:15.944root 11241100x8000000000000000533608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a0c8a1d11938a02021-12-21 11:29:15.944root 11241100x8000000000000000533609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3912ec547380ae372021-12-21 11:29:15.944root 11241100x8000000000000000533610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc9c628458689eb2021-12-21 11:29:15.944root 11241100x8000000000000000533611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6a1e09f0c9ae872021-12-21 11:29:15.944root 11241100x8000000000000000533612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e660b4dc0539baed2021-12-21 11:29:15.944root 11241100x8000000000000000533613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202af4be247cf7ac2021-12-21 11:29:15.944root 11241100x8000000000000000533614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba627efe69c4a0952021-12-21 11:29:15.944root 354300x8000000000000000533615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.247{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48608-false10.0.1.12-8000- 11241100x8000000000000000533616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e9cd296d1002cb2021-12-21 11:29:16.248root 11241100x8000000000000000533617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c975fa121ff9822021-12-21 11:29:16.248root 11241100x8000000000000000533618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd8bdf84e9c73dd2021-12-21 11:29:16.249root 11241100x8000000000000000533619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502b359f0aecfd452021-12-21 11:29:16.249root 11241100x8000000000000000533620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6386059cbd78cdc2021-12-21 11:29:16.249root 11241100x8000000000000000533621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b79654ff9fd8a12021-12-21 11:29:16.250root 11241100x8000000000000000533622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c589169e6a2ca782021-12-21 11:29:16.250root 11241100x8000000000000000533623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9332ee7ec4050412021-12-21 11:29:16.250root 11241100x8000000000000000533624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6bdff825d57a792021-12-21 11:29:16.250root 11241100x8000000000000000533625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08abb88006e3bd1b2021-12-21 11:29:16.250root 11241100x8000000000000000533626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0b1b805eeb34f2021-12-21 11:29:16.250root 11241100x8000000000000000533627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7d9047c0c713aa2021-12-21 11:29:16.250root 11241100x8000000000000000533628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28359e8eba19eb062021-12-21 11:29:16.250root 11241100x8000000000000000533629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3424832b818740022021-12-21 11:29:16.250root 11241100x8000000000000000533630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf30c48352a4f7422021-12-21 11:29:16.250root 11241100x8000000000000000533631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3a8e078a527b362021-12-21 11:29:16.251root 11241100x8000000000000000533632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e647e5928d93172021-12-21 11:29:16.251root 11241100x8000000000000000533633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aa5d44daf0cbe32021-12-21 11:29:16.693root 11241100x8000000000000000533634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d8b7a7e056e41c2021-12-21 11:29:16.693root 11241100x8000000000000000533635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e847f7864e0939932021-12-21 11:29:16.693root 11241100x8000000000000000533636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531f8a1466a90a192021-12-21 11:29:16.693root 11241100x8000000000000000533637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488aec7b20a1c7082021-12-21 11:29:16.693root 11241100x8000000000000000533638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31b1cdf4d54ead72021-12-21 11:29:16.693root 11241100x8000000000000000533639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b539f45bd6eae7782021-12-21 11:29:16.693root 11241100x8000000000000000533640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14479e360983bb262021-12-21 11:29:16.694root 11241100x8000000000000000533641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de586bee63cb27022021-12-21 11:29:16.694root 11241100x8000000000000000533642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69db1871a56dccf42021-12-21 11:29:16.694root 11241100x8000000000000000533643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417a61638608f8c32021-12-21 11:29:16.694root 11241100x8000000000000000533644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a2f498aefcde882021-12-21 11:29:16.694root 11241100x8000000000000000533645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e98682c3cb060252021-12-21 11:29:16.694root 11241100x8000000000000000533646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee1c35c699b781c2021-12-21 11:29:16.694root 11241100x8000000000000000533647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6e9f49e91229ba2021-12-21 11:29:16.694root 11241100x8000000000000000533648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8579f92e1bc8f9962021-12-21 11:29:16.694root 11241100x8000000000000000533649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7308a3d08d0a93912021-12-21 11:29:17.193root 11241100x8000000000000000533650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c79f0e68e6b9722021-12-21 11:29:17.193root 11241100x8000000000000000533651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d3d58db223ff52021-12-21 11:29:17.193root 11241100x8000000000000000533652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a177b96948d1092021-12-21 11:29:17.193root 11241100x8000000000000000533653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd475c8a3cb5f6a62021-12-21 11:29:17.193root 11241100x8000000000000000533654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1356e3566df428732021-12-21 11:29:17.193root 11241100x8000000000000000533655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abee2f41f3f309b92021-12-21 11:29:17.193root 11241100x8000000000000000533656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f7b98722b387ba2021-12-21 11:29:17.193root 11241100x8000000000000000533657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f563af495fa3be2021-12-21 11:29:17.194root 11241100x8000000000000000533658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef676827c48d09452021-12-21 11:29:17.194root 11241100x8000000000000000533659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0742d05d0804a0922021-12-21 11:29:17.194root 11241100x8000000000000000533660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f6681b78e9a3b2021-12-21 11:29:17.194root 11241100x8000000000000000533661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beb34bc07fd7d552021-12-21 11:29:17.194root 11241100x8000000000000000533662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248bef185a8c656b2021-12-21 11:29:17.194root 11241100x8000000000000000533663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9b84aaa1bc41f92021-12-21 11:29:17.194root 11241100x8000000000000000533664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acd0cf657efb89e2021-12-21 11:29:17.194root 11241100x8000000000000000533665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2bdb544c629d8c2021-12-21 11:29:17.693root 11241100x8000000000000000533666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f125aea2cf42cd9f2021-12-21 11:29:17.693root 11241100x8000000000000000533667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e1818c2edd0f872021-12-21 11:29:17.693root 11241100x8000000000000000533668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369f3cda596b480f2021-12-21 11:29:17.693root 11241100x8000000000000000533669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d667d7b028b5ec3c2021-12-21 11:29:17.694root 11241100x8000000000000000533670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49959095a6a64ce2021-12-21 11:29:17.694root 11241100x8000000000000000533671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db0601d1ef0777d2021-12-21 11:29:17.694root 11241100x8000000000000000533672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae102f5faa14e452021-12-21 11:29:17.694root 11241100x8000000000000000533673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a051adc0f7a1a9422021-12-21 11:29:17.694root 11241100x8000000000000000533674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f79ad0572de70712021-12-21 11:29:17.694root 11241100x8000000000000000533675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac72bda91c7d1b812021-12-21 11:29:17.694root 11241100x8000000000000000533676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069154dcb85444662021-12-21 11:29:17.694root 11241100x8000000000000000533677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b7962233e570f92021-12-21 11:29:17.694root 11241100x8000000000000000533678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75af165185e0e4912021-12-21 11:29:17.694root 11241100x8000000000000000533679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcce1a115ee413d2021-12-21 11:29:17.694root 11241100x8000000000000000533680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df2c734f16beeae2021-12-21 11:29:17.694root 11241100x8000000000000000533681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0391d70a17c78c02021-12-21 11:29:17.694root 11241100x8000000000000000533682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5177e9a6d803634b2021-12-21 11:29:17.694root 154100x8000000000000000533683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.921{ec2b6afe-ba8d-61c1-6804-be204e560000}9880/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000533684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:17.932{ec2b6afe-ba8d-61c1-6804-be204e560000}9880/bin/psroot 11241100x8000000000000000533685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a958dd665214ccd12021-12-21 11:29:18.192root 11241100x8000000000000000533686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79b395e7d88acc02021-12-21 11:29:18.193root 11241100x8000000000000000533687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e29a6bfd51bb572021-12-21 11:29:18.193root 11241100x8000000000000000533688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09e6c7abb4ad2ac2021-12-21 11:29:18.193root 11241100x8000000000000000533689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66d9963486df3102021-12-21 11:29:18.193root 11241100x8000000000000000533690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5014c72fe661602021-12-21 11:29:18.193root 11241100x8000000000000000533691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55312c936750b5112021-12-21 11:29:18.193root 11241100x8000000000000000533692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a78d42380b89932021-12-21 11:29:18.194root 11241100x8000000000000000533693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daddedf42e33997c2021-12-21 11:29:18.194root 11241100x8000000000000000533694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f67948f534dedbd2021-12-21 11:29:18.194root 11241100x8000000000000000533695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe126ec4f1324422021-12-21 11:29:18.194root 11241100x8000000000000000533696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb4e1f9655998a82021-12-21 11:29:18.194root 11241100x8000000000000000533697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3ad66ab997aeca2021-12-21 11:29:18.194root 11241100x8000000000000000533698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8302586decb8492021-12-21 11:29:18.194root 11241100x8000000000000000533699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70c5c7161ae8c732021-12-21 11:29:18.194root 11241100x8000000000000000533700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b285620eb78e13ef2021-12-21 11:29:18.194root 11241100x8000000000000000533701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01a5feb4807e4132021-12-21 11:29:18.194root 11241100x8000000000000000533702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249cbfdb71fb0ddb2021-12-21 11:29:18.195root 11241100x8000000000000000533703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa1865287b8fe922021-12-21 11:29:18.195root 11241100x8000000000000000533704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e414268679bb80c52021-12-21 11:29:18.195root 11241100x8000000000000000533705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe3fe36ff1908232021-12-21 11:29:18.195root 11241100x8000000000000000533706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7d56be3cbc20942021-12-21 11:29:18.195root 11241100x8000000000000000533707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad7b025a2af96342021-12-21 11:29:18.195root 11241100x8000000000000000533708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60409e24c66e94102021-12-21 11:29:18.195root 11241100x8000000000000000533709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099eff6149cce91c2021-12-21 11:29:18.195root 11241100x8000000000000000533710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84591de0dc2050f2021-12-21 11:29:18.195root 11241100x8000000000000000533711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe25736dbb090382021-12-21 11:29:18.195root 11241100x8000000000000000533712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ea7e56823dff72021-12-21 11:29:18.196root 11241100x8000000000000000533713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc99afd03f28d582021-12-21 11:29:18.196root 11241100x8000000000000000533714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbb6197e18c61462021-12-21 11:29:18.196root 11241100x8000000000000000533715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f0f98db981820b2021-12-21 11:29:18.693root 11241100x8000000000000000533716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feb210c5c9427f72021-12-21 11:29:18.693root 11241100x8000000000000000533717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797b916830bccb4b2021-12-21 11:29:18.693root 11241100x8000000000000000533718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4308f325e7681f52021-12-21 11:29:18.693root 11241100x8000000000000000533719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9b31c7cbf4047e2021-12-21 11:29:18.693root 11241100x8000000000000000533720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb45ee2ad0a8bb2021-12-21 11:29:18.694root 11241100x8000000000000000533721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81219433d4a5af3d2021-12-21 11:29:18.694root 11241100x8000000000000000533722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c40d5c30bec7532021-12-21 11:29:18.694root 11241100x8000000000000000533723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42707e785e4a7b2021-12-21 11:29:18.694root 11241100x8000000000000000533724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1eb5997b389bc2021-12-21 11:29:18.694root 11241100x8000000000000000533725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1471d6fb13c2fc9a2021-12-21 11:29:18.694root 11241100x8000000000000000533726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa3308c9069b86e2021-12-21 11:29:18.694root 11241100x8000000000000000533727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28c77d3337653452021-12-21 11:29:18.694root 11241100x8000000000000000533728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a7e7560e21bed72021-12-21 11:29:18.694root 11241100x8000000000000000533729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a1369fabe008852021-12-21 11:29:18.694root 11241100x8000000000000000533730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15415d0db26f6c242021-12-21 11:29:18.694root 11241100x8000000000000000533731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457589ce77e5481a2021-12-21 11:29:18.694root 11241100x8000000000000000533732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7118e501db1e81b2021-12-21 11:29:18.694root 11241100x8000000000000000533733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5df594f018e536f2021-12-21 11:29:19.193root 11241100x8000000000000000533734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c782d56ee2ed7df2021-12-21 11:29:19.193root 11241100x8000000000000000533735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0701f9e2fc32b5de2021-12-21 11:29:19.193root 11241100x8000000000000000533736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4606f1fe9379c202021-12-21 11:29:19.193root 11241100x8000000000000000533737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c253c2194e0ca7ee2021-12-21 11:29:19.193root 11241100x8000000000000000533738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e09d9d4791454e82021-12-21 11:29:19.193root 11241100x8000000000000000533739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693212d9ab9d9b4e2021-12-21 11:29:19.193root 11241100x8000000000000000533740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f874bdb2b1c60082021-12-21 11:29:19.193root 11241100x8000000000000000533741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154975b07b37e2462021-12-21 11:29:19.193root 11241100x8000000000000000533742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8e6448078a2c162021-12-21 11:29:19.194root 11241100x8000000000000000533743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ea9ff8719211382021-12-21 11:29:19.194root 11241100x8000000000000000533744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526f0488cf4a725b2021-12-21 11:29:19.194root 11241100x8000000000000000533745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc92ef5e305a3f12021-12-21 11:29:19.194root 11241100x8000000000000000533746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f71b2082f2a53c2021-12-21 11:29:19.194root 11241100x8000000000000000533747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a24149d1c28642021-12-21 11:29:19.194root 11241100x8000000000000000533748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72814183c72314232021-12-21 11:29:19.194root 11241100x8000000000000000533749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab38d65edaa1a9c2021-12-21 11:29:19.194root 11241100x8000000000000000533750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0043dc87f08fed2021-12-21 11:29:19.194root 11241100x8000000000000000533751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ea56bc51617dc32021-12-21 11:29:19.195root 11241100x8000000000000000533752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0644731aab4a16d52021-12-21 11:29:19.195root 11241100x8000000000000000533753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef05823a6cc4eff52021-12-21 11:29:19.195root 11241100x8000000000000000533754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d3e968591e76bd2021-12-21 11:29:19.195root 11241100x8000000000000000533755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4178537d057467e2021-12-21 11:29:19.195root 11241100x8000000000000000533756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce2b15d7376c6172021-12-21 11:29:19.195root 11241100x8000000000000000533757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8651263cce909462021-12-21 11:29:19.195root 11241100x8000000000000000533758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6291bc267b908382021-12-21 11:29:19.196root 11241100x8000000000000000533759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4027bf25f2046892021-12-21 11:29:19.196root 11241100x8000000000000000533760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6205a6f60c23b9e42021-12-21 11:29:19.196root 11241100x8000000000000000533761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d16a30a05b25a52021-12-21 11:29:19.196root 11241100x8000000000000000533762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75677bccb6c64172021-12-21 11:29:19.693root 11241100x8000000000000000533763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9193bd7c479212fb2021-12-21 11:29:19.693root 11241100x8000000000000000533764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bec44a0066a9522021-12-21 11:29:19.693root 11241100x8000000000000000533765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f001de3cae0892e92021-12-21 11:29:19.693root 11241100x8000000000000000533766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24808d6e784b3932021-12-21 11:29:19.693root 11241100x8000000000000000533767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224885abe9c43b782021-12-21 11:29:19.693root 11241100x8000000000000000533768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddc8e6dbeb0caf02021-12-21 11:29:19.693root 11241100x8000000000000000533769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50978320127b56812021-12-21 11:29:19.694root 11241100x8000000000000000533770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e628bb87cb572e12021-12-21 11:29:19.694root 11241100x8000000000000000533771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba975aa7c88d3d992021-12-21 11:29:19.694root 11241100x8000000000000000533772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84fc2886b8642072021-12-21 11:29:19.694root 11241100x8000000000000000533773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bd4c5a9f60a5842021-12-21 11:29:19.694root 11241100x8000000000000000533774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab58df27d264dbc2021-12-21 11:29:19.694root 11241100x8000000000000000533775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e076a3fc45c2864b2021-12-21 11:29:19.694root 11241100x8000000000000000533776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba44ff0a79582252021-12-21 11:29:19.694root 11241100x8000000000000000533777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e498815d6ede2bf42021-12-21 11:29:19.694root 11241100x8000000000000000533778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc7ab3605154ff12021-12-21 11:29:19.695root 11241100x8000000000000000533779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9baf7dfa6afa3362021-12-21 11:29:19.695root 11241100x8000000000000000533780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df596fe068b7d39d2021-12-21 11:29:20.192root 11241100x8000000000000000533781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5321649e3c310c922021-12-21 11:29:20.193root 11241100x8000000000000000533782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816740f7c77eb03b2021-12-21 11:29:20.193root 11241100x8000000000000000533783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91d8cc699f1ded32021-12-21 11:29:20.193root 11241100x8000000000000000533784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb31f20529c5e25b2021-12-21 11:29:20.193root 11241100x8000000000000000533785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4f846caeed96662021-12-21 11:29:20.193root 11241100x8000000000000000533786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be8da9e0a50d2ac2021-12-21 11:29:20.193root 11241100x8000000000000000533787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c48eba35f333fc22021-12-21 11:29:20.193root 11241100x8000000000000000533788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a487a98e45f551d2021-12-21 11:29:20.193root 11241100x8000000000000000533789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5470a848418ca7af2021-12-21 11:29:20.193root 11241100x8000000000000000533790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9e9cb34636f3282021-12-21 11:29:20.193root 11241100x8000000000000000533791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131ff899145d80c62021-12-21 11:29:20.194root 11241100x8000000000000000533792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4500a20f44a569d92021-12-21 11:29:20.194root 11241100x8000000000000000533793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf018ff10985aaf2021-12-21 11:29:20.194root 11241100x8000000000000000533794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839b6aa445b5a69b2021-12-21 11:29:20.194root 11241100x8000000000000000533795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65f216c890d91092021-12-21 11:29:20.194root 11241100x8000000000000000533796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08270d87de5272982021-12-21 11:29:20.194root 11241100x8000000000000000533797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d43aab17d326f2021-12-21 11:29:20.194root 11241100x8000000000000000533798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb889f5f2155f1a2021-12-21 11:29:20.194root 11241100x8000000000000000533799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9544de4f2ee642021-12-21 11:29:20.194root 11241100x8000000000000000533800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace291c143975a032021-12-21 11:29:20.194root 11241100x8000000000000000533801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e070e84b01d810cc2021-12-21 11:29:20.194root 11241100x8000000000000000533802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b34b613243748f52021-12-21 11:29:20.195root 11241100x8000000000000000533803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7775092bf13648612021-12-21 11:29:20.195root 11241100x8000000000000000533804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbb14693922efa22021-12-21 11:29:20.195root 11241100x8000000000000000533805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95473bbc11eba4912021-12-21 11:29:20.195root 11241100x8000000000000000533806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc261b7f67c2b942021-12-21 11:29:20.195root 11241100x8000000000000000533807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccb03bb25fa0b772021-12-21 11:29:20.195root 11241100x8000000000000000533808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560337c0d28269742021-12-21 11:29:20.195root 11241100x8000000000000000533809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087c7e25d54635fe2021-12-21 11:29:20.195root 11241100x8000000000000000533810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae9b1e6981cec6e2021-12-21 11:29:20.195root 11241100x8000000000000000533811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6806704f0f9234782021-12-21 11:29:20.195root 11241100x8000000000000000533812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e225cc761bb859522021-12-21 11:29:20.196root 11241100x8000000000000000533813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5196b624cbdfd67b2021-12-21 11:29:20.196root 11241100x8000000000000000533814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1a4dc13debe8b62021-12-21 11:29:20.196root 11241100x8000000000000000533815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e1f13a176c4252021-12-21 11:29:20.196root 11241100x8000000000000000533816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaefc551dafb5d82021-12-21 11:29:20.196root 11241100x8000000000000000533817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba8cd9002f33ad12021-12-21 11:29:20.196root 11241100x8000000000000000533818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26af55447252d8ea2021-12-21 11:29:20.196root 11241100x8000000000000000533819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28db9fc9027d94d52021-12-21 11:29:20.196root 11241100x8000000000000000533820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1df68788d6c73922021-12-21 11:29:20.196root 11241100x8000000000000000533821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63ae99db8aaf8ef2021-12-21 11:29:20.196root 11241100x8000000000000000533822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8635614c53be8c752021-12-21 11:29:20.196root 11241100x8000000000000000533823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40822a4a32826ea12021-12-21 11:29:20.196root 11241100x8000000000000000533824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3fc8276807fbe72021-12-21 11:29:20.196root 11241100x8000000000000000533825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c1a2084c782c6b2021-12-21 11:29:20.693root 11241100x8000000000000000533826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b5e36b34ffb9d32021-12-21 11:29:20.693root 11241100x8000000000000000533827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcbbefea53e51612021-12-21 11:29:20.693root 11241100x8000000000000000533828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9361fe0e202625252021-12-21 11:29:20.693root 11241100x8000000000000000533829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3a9d6f6aa3d2442021-12-21 11:29:20.693root 11241100x8000000000000000533830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7612680af7081b212021-12-21 11:29:20.693root 11241100x8000000000000000533831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eb5d3659ed079e2021-12-21 11:29:20.693root 11241100x8000000000000000533832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8acbcc953c833992021-12-21 11:29:20.693root 11241100x8000000000000000533833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fce0a106ce4dfa62021-12-21 11:29:20.693root 11241100x8000000000000000533834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419e5b235c6e9b602021-12-21 11:29:20.694root 11241100x8000000000000000533835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717583438ef4431d2021-12-21 11:29:20.694root 11241100x8000000000000000533836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de10ca2d70bd0daf2021-12-21 11:29:20.694root 11241100x8000000000000000533837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d0614bb816a872021-12-21 11:29:20.694root 11241100x8000000000000000533838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb482baaf6136822021-12-21 11:29:20.694root 11241100x8000000000000000533839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25fe2e707751fc12021-12-21 11:29:20.694root 11241100x8000000000000000533840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9305e4dd6258e2fa2021-12-21 11:29:20.694root 11241100x8000000000000000533841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e25ab6237427f2021-12-21 11:29:20.694root 11241100x8000000000000000533842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556cc782920ddfef2021-12-21 11:29:20.694root 11241100x8000000000000000533843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b098dedb976cdc82021-12-21 11:29:20.694root 11241100x8000000000000000533844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d76e384d19d42392021-12-21 11:29:20.694root 11241100x8000000000000000533845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d6c23639ca83682021-12-21 11:29:20.694root 11241100x8000000000000000533846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bdcad3dca5a6e02021-12-21 11:29:21.193root 11241100x8000000000000000533847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e616c1982098855e2021-12-21 11:29:21.193root 11241100x8000000000000000533848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0319c4ad8f0f215a2021-12-21 11:29:21.193root 11241100x8000000000000000533849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a5d81416895ec72021-12-21 11:29:21.193root 11241100x8000000000000000533850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1be957b8199a0d2021-12-21 11:29:21.193root 11241100x8000000000000000533851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c157620409c44b72021-12-21 11:29:21.193root 11241100x8000000000000000533852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4182a1615b5b58d2021-12-21 11:29:21.194root 11241100x8000000000000000533853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4effa5d53c79a1db2021-12-21 11:29:21.194root 11241100x8000000000000000533854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec0b45a9d023bc22021-12-21 11:29:21.194root 11241100x8000000000000000533855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09a371b0cd068dc2021-12-21 11:29:21.194root 11241100x8000000000000000533856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53ce262a7eab772021-12-21 11:29:21.194root 11241100x8000000000000000533857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bd5b8bbca6a3482021-12-21 11:29:21.194root 11241100x8000000000000000533858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd20c1575b640df2021-12-21 11:29:21.194root 11241100x8000000000000000533859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae30f7c861173502021-12-21 11:29:21.194root 11241100x8000000000000000533860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1099cafa3c2f0fe82021-12-21 11:29:21.194root 11241100x8000000000000000533861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfc343826b058242021-12-21 11:29:21.194root 11241100x8000000000000000533862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040b1c648dcf14e82021-12-21 11:29:21.194root 11241100x8000000000000000533863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e054ecc965d109c2021-12-21 11:29:21.194root 11241100x8000000000000000533864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174803e8313ce2da2021-12-21 11:29:21.693root 11241100x8000000000000000533865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7430860869460e2021-12-21 11:29:21.693root 11241100x8000000000000000533866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0ff72f8d4a4b4f2021-12-21 11:29:21.693root 11241100x8000000000000000533867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9441425747d7c3a72021-12-21 11:29:21.693root 11241100x8000000000000000533868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19953673868c6e0a2021-12-21 11:29:21.693root 11241100x8000000000000000533869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792e4865769281192021-12-21 11:29:21.693root 11241100x8000000000000000533870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0978e9660e00f3412021-12-21 11:29:21.693root 11241100x8000000000000000533871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c42f90347819142021-12-21 11:29:21.693root 11241100x8000000000000000533872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881f9b6e692e73bd2021-12-21 11:29:21.693root 11241100x8000000000000000533873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7670ce21cce43b752021-12-21 11:29:21.694root 11241100x8000000000000000533874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec913916ac8ae5eb2021-12-21 11:29:21.694root 11241100x8000000000000000533875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef154591844ebabf2021-12-21 11:29:21.694root 11241100x8000000000000000533876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d277537a3760cbdd2021-12-21 11:29:21.694root 11241100x8000000000000000533877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b72ecd8285941c92021-12-21 11:29:21.694root 11241100x8000000000000000533878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2e95736f49cfd12021-12-21 11:29:21.694root 11241100x8000000000000000533879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d944f9f7841a6acf2021-12-21 11:29:21.694root 11241100x8000000000000000533880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c6510d1fea17c72021-12-21 11:29:21.694root 11241100x8000000000000000533881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2baa1e36920b9512021-12-21 11:29:21.694root 11241100x8000000000000000533882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2edce63689b12a22021-12-21 11:29:21.695root 11241100x8000000000000000533883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dedabc24bd3a8ae2021-12-21 11:29:21.695root 11241100x8000000000000000533884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5132078653ea9c42021-12-21 11:29:21.695root 11241100x8000000000000000533885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f505b617394f3e742021-12-21 11:29:21.695root 11241100x8000000000000000533886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84db4e167d1eedb2021-12-21 11:29:21.695root 11241100x8000000000000000533887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815bb80c7982c4e12021-12-21 11:29:21.695root 11241100x8000000000000000533888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75100fb9ed9cc99d2021-12-21 11:29:21.695root 11241100x8000000000000000533889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78214db8f80d0fd2021-12-21 11:29:21.695root 11241100x8000000000000000533890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f27d8bb2f39787e2021-12-21 11:29:21.695root 11241100x8000000000000000533891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f899026d075ad32021-12-21 11:29:21.695root 11241100x8000000000000000533892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5dd1fc75f07d2b2021-12-21 11:29:21.695root 354300x8000000000000000533893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.057{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48610-false10.0.1.12-8000- 11241100x8000000000000000533894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc8e149487b9f752021-12-21 11:29:22.057root 11241100x8000000000000000533895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45c35dfbe92d1782021-12-21 11:29:22.058root 11241100x8000000000000000533896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358b6130fb5cd9092021-12-21 11:29:22.058root 11241100x8000000000000000533897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1fe42eef1485e02021-12-21 11:29:22.058root 11241100x8000000000000000533898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd03d35a6801b012021-12-21 11:29:22.058root 11241100x8000000000000000533899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d0121352c1ba802021-12-21 11:29:22.058root 11241100x8000000000000000533900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713834d70b0f9fbd2021-12-21 11:29:22.058root 11241100x8000000000000000533901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdef36f6ad07ecb2021-12-21 11:29:22.058root 11241100x8000000000000000533902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.058{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de522d0ee98cdcb02021-12-21 11:29:22.058root 11241100x8000000000000000533903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf98cab020c92272021-12-21 11:29:22.059root 11241100x8000000000000000533904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65058855cc4791582021-12-21 11:29:22.059root 11241100x8000000000000000533905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf7beb20e5b907b2021-12-21 11:29:22.059root 11241100x8000000000000000533906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1e36315548cf152021-12-21 11:29:22.059root 11241100x8000000000000000533907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85325b4f2981d9a2021-12-21 11:29:22.059root 11241100x8000000000000000533908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3570f7ed63ebf0e52021-12-21 11:29:22.059root 11241100x8000000000000000533909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242176bd6b51bcc52021-12-21 11:29:22.059root 11241100x8000000000000000533910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ccaca9436e09bf2021-12-21 11:29:22.059root 11241100x8000000000000000533911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.059{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b3257ff6d916ad2021-12-21 11:29:22.059root 11241100x8000000000000000533912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66fee8d8a9b12e92021-12-21 11:29:22.060root 11241100x8000000000000000533913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e6c6b3edd034a82021-12-21 11:29:22.060root 11241100x8000000000000000533914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fe4c08d811a35a2021-12-21 11:29:22.060root 11241100x8000000000000000533915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fb08e2530f75ba2021-12-21 11:29:22.060root 11241100x8000000000000000533916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a65a117fd5a1692021-12-21 11:29:22.060root 11241100x8000000000000000533917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2778f1a475647812021-12-21 11:29:22.060root 11241100x8000000000000000533918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b28087339e34fd2021-12-21 11:29:22.060root 11241100x8000000000000000533919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f463ac5805e66f2021-12-21 11:29:22.060root 11241100x8000000000000000533920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.060{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce19847bada7ac472021-12-21 11:29:22.060root 11241100x8000000000000000533921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0896e81f6453d6cb2021-12-21 11:29:22.443root 11241100x8000000000000000533922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d05733e03fee092021-12-21 11:29:22.443root 11241100x8000000000000000533923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55436d8ddce47c7f2021-12-21 11:29:22.443root 11241100x8000000000000000533924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865a1ea366f7e87d2021-12-21 11:29:22.444root 11241100x8000000000000000533925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30df13f2c125c292021-12-21 11:29:22.444root 11241100x8000000000000000533926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9310e87cf770d42021-12-21 11:29:22.444root 11241100x8000000000000000533927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a787feb809986a2021-12-21 11:29:22.444root 11241100x8000000000000000533928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b8dbbf763734b12021-12-21 11:29:22.444root 11241100x8000000000000000533929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed56cc76d7db16c2021-12-21 11:29:22.444root 11241100x8000000000000000533930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab81c46587252f7b2021-12-21 11:29:22.444root 11241100x8000000000000000533931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc03d3a7bfe018742021-12-21 11:29:22.444root 11241100x8000000000000000533932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc241aa14cbc3eb72021-12-21 11:29:22.444root 11241100x8000000000000000533933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e7ab19c91450fe2021-12-21 11:29:22.444root 11241100x8000000000000000533934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8283a274ac39a812021-12-21 11:29:22.444root 11241100x8000000000000000533935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431bf480577e27822021-12-21 11:29:22.444root 11241100x8000000000000000533936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86370f664a007c2d2021-12-21 11:29:22.444root 11241100x8000000000000000533937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efc218e9b6e64232021-12-21 11:29:22.444root 11241100x8000000000000000533938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadaf71395d8e2c42021-12-21 11:29:22.444root 11241100x8000000000000000533939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3909327351544b2021-12-21 11:29:22.445root 11241100x8000000000000000533940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d946f908a91b8b12021-12-21 11:29:22.943root 11241100x8000000000000000533941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7687bcb836acc02021-12-21 11:29:22.943root 11241100x8000000000000000533942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f824601952af7fa02021-12-21 11:29:22.943root 11241100x8000000000000000533943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4c1ce1f27f7f4d2021-12-21 11:29:22.943root 11241100x8000000000000000533944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8359aa13db6a4f7f2021-12-21 11:29:22.943root 11241100x8000000000000000533945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de356fe766266bef2021-12-21 11:29:22.944root 11241100x8000000000000000533946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84f99fbc439586c2021-12-21 11:29:22.944root 11241100x8000000000000000533947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a812b272b01b372021-12-21 11:29:22.944root 11241100x8000000000000000533948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0448d7d3daf6b732021-12-21 11:29:22.944root 11241100x8000000000000000533949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73842f94c4a631452021-12-21 11:29:22.944root 11241100x8000000000000000533950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf384a894f4ddac2021-12-21 11:29:22.944root 11241100x8000000000000000533951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382fd2f0ca3d8af02021-12-21 11:29:22.944root 11241100x8000000000000000533952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce3254c9878ef022021-12-21 11:29:22.944root 11241100x8000000000000000533953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a0ac5404b97fe82021-12-21 11:29:22.944root 11241100x8000000000000000533954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b67d9fc93f607232021-12-21 11:29:22.945root 11241100x8000000000000000533955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d81b5e12a3c35d2021-12-21 11:29:22.945root 11241100x8000000000000000533956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ccf9d14bdd99d02021-12-21 11:29:22.945root 11241100x8000000000000000533957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0934ae8a19f6cc602021-12-21 11:29:22.945root 11241100x8000000000000000533958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68576d77c9db88502021-12-21 11:29:22.945root 11241100x8000000000000000533959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec95d89aefad65dc2021-12-21 11:29:23.443root 11241100x8000000000000000533960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c397773df4e73a2021-12-21 11:29:23.443root 11241100x8000000000000000533961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c11bea4f52178b2021-12-21 11:29:23.443root 11241100x8000000000000000533962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb389082a5c94a002021-12-21 11:29:23.443root 11241100x8000000000000000533963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f814483679f543262021-12-21 11:29:23.443root 11241100x8000000000000000533964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9915cc6b0dd9c2ad2021-12-21 11:29:23.444root 11241100x8000000000000000533965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2586f1fe920bbc4b2021-12-21 11:29:23.444root 11241100x8000000000000000533966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3e2cce1e700f282021-12-21 11:29:23.444root 11241100x8000000000000000533967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea3f8c574e124d62021-12-21 11:29:23.444root 11241100x8000000000000000533968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a2e047e57606ed2021-12-21 11:29:23.444root 11241100x8000000000000000533969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d228963a3b542abb2021-12-21 11:29:23.444root 11241100x8000000000000000533970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49114147f2d56da2021-12-21 11:29:23.444root 11241100x8000000000000000533971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01733e55ca4ccab2021-12-21 11:29:23.444root 11241100x8000000000000000533972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9154388232ff65a2021-12-21 11:29:23.444root 11241100x8000000000000000533973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cfb0902e209d912021-12-21 11:29:23.444root 11241100x8000000000000000533974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1476b96b3a99185e2021-12-21 11:29:23.444root 11241100x8000000000000000533975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964de37642e3a66a2021-12-21 11:29:23.444root 11241100x8000000000000000533976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2472f14e354311102021-12-21 11:29:23.444root 11241100x8000000000000000533977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38740bc6fb2a7ff32021-12-21 11:29:23.444root 11241100x8000000000000000533978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a596373c9b3c12021-12-21 11:29:23.942root 11241100x8000000000000000533979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf9258eea59dddf2021-12-21 11:29:23.943root 11241100x8000000000000000533980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525610486103b40d2021-12-21 11:29:23.943root 11241100x8000000000000000533981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ed31109b7800e62021-12-21 11:29:23.943root 11241100x8000000000000000533982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82837d4d37ec41ac2021-12-21 11:29:23.944root 11241100x8000000000000000533983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6528a6e298b48f2021-12-21 11:29:23.944root 11241100x8000000000000000533984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a516180779f2032021-12-21 11:29:23.944root 11241100x8000000000000000533985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9185e93afeac052e2021-12-21 11:29:23.944root 11241100x8000000000000000533986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410e32a2e5951cde2021-12-21 11:29:23.944root 11241100x8000000000000000533987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c0f4e71907bf42021-12-21 11:29:23.944root 11241100x8000000000000000533988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e2538c46eff7032021-12-21 11:29:23.944root 11241100x8000000000000000533989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d10f18a5d7bc152021-12-21 11:29:23.944root 11241100x8000000000000000533990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b93f2b9f255ebc2021-12-21 11:29:23.944root 11241100x8000000000000000533991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b528fb042cdab82021-12-21 11:29:23.944root 11241100x8000000000000000533992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c302b7846a23e72021-12-21 11:29:23.944root 11241100x8000000000000000533993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e3904cb1ebdc4c2021-12-21 11:29:23.944root 11241100x8000000000000000533994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a15b28cac81d9882021-12-21 11:29:23.945root 11241100x8000000000000000533995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb3b37e5682f0c52021-12-21 11:29:23.945root 11241100x8000000000000000533996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98adb26d87ca724f2021-12-21 11:29:23.945root 11241100x8000000000000000533997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ce3ec9abb62fca2021-12-21 11:29:24.443root 11241100x8000000000000000533998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed78748dae9811a62021-12-21 11:29:24.443root 11241100x8000000000000000533999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cd36485ff07bf22021-12-21 11:29:24.443root 11241100x8000000000000000534000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d2f152d294e4062021-12-21 11:29:24.443root 11241100x8000000000000000534001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63f87cab9fd097f2021-12-21 11:29:24.444root 11241100x8000000000000000534002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168bb4c5bdc376262021-12-21 11:29:24.444root 11241100x8000000000000000534003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a18318a5fd233e2021-12-21 11:29:24.444root 11241100x8000000000000000534004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f654b6d959b772d92021-12-21 11:29:24.444root 11241100x8000000000000000534005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9061a2dc36d55e802021-12-21 11:29:24.444root 11241100x8000000000000000534006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f011cbcb27a61282021-12-21 11:29:24.444root 11241100x8000000000000000534007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa88fcc8f1ee8222021-12-21 11:29:24.444root 11241100x8000000000000000534008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f384598c95fa49ec2021-12-21 11:29:24.444root 11241100x8000000000000000534009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ba76425396afd2021-12-21 11:29:24.444root 11241100x8000000000000000534010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716d31cfc403e3742021-12-21 11:29:24.444root 11241100x8000000000000000534011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f9d87667b72c832021-12-21 11:29:24.444root 11241100x8000000000000000534012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46a50ae5cb76ec12021-12-21 11:29:24.444root 11241100x8000000000000000534013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050f6b4af87d9d0c2021-12-21 11:29:24.444root 11241100x8000000000000000534014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b7730ba20cbc7b2021-12-21 11:29:24.445root 11241100x8000000000000000534015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f0592dd4e1379a2021-12-21 11:29:24.445root 11241100x8000000000000000534016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a563b3e2b183fc2021-12-21 11:29:24.943root 11241100x8000000000000000534017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd486e99a806c72021-12-21 11:29:24.943root 11241100x8000000000000000534018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc8e5fdf980c63f2021-12-21 11:29:24.943root 11241100x8000000000000000534019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3fedf7d5578c832021-12-21 11:29:24.943root 11241100x8000000000000000534020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d84e9c06df1dc62021-12-21 11:29:24.944root 11241100x8000000000000000534021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4dc014e8eeaa992021-12-21 11:29:24.944root 11241100x8000000000000000534022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a9164f36dd0edb2021-12-21 11:29:24.944root 11241100x8000000000000000534023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bfd50457ba9c652021-12-21 11:29:24.944root 11241100x8000000000000000534024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bef5b2ce873c342021-12-21 11:29:24.944root 11241100x8000000000000000534025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f8a9a2750802992021-12-21 11:29:24.944root 11241100x8000000000000000534026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c294866a69f394132021-12-21 11:29:24.944root 11241100x8000000000000000534027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31912901e09faa3c2021-12-21 11:29:24.944root 11241100x8000000000000000534028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df824bbfb90d56b62021-12-21 11:29:24.944root 11241100x8000000000000000534029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5becb88d424751ec2021-12-21 11:29:24.944root 11241100x8000000000000000534030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aeb6b3671326112021-12-21 11:29:24.944root 11241100x8000000000000000534031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9556903417baff52021-12-21 11:29:24.944root 11241100x8000000000000000534032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cc43f1c387a4432021-12-21 11:29:24.944root 11241100x8000000000000000534033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37536a717150030a2021-12-21 11:29:24.944root 11241100x8000000000000000534034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7f8959d119f4e72021-12-21 11:29:24.944root 11241100x8000000000000000534035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba88cd8de57052f2021-12-21 11:29:25.443root 11241100x8000000000000000534036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc3912fedbd61262021-12-21 11:29:25.443root 11241100x8000000000000000534037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2f897b9c14625b2021-12-21 11:29:25.443root 11241100x8000000000000000534038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcea81a70fcff932021-12-21 11:29:25.443root 11241100x8000000000000000534039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3419dfcb6a04fb502021-12-21 11:29:25.443root 11241100x8000000000000000534040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ce3fea7eb0b1962021-12-21 11:29:25.444root 11241100x8000000000000000534041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7490c3c3fc0d34ac2021-12-21 11:29:25.444root 11241100x8000000000000000534042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d368e02b20b42fd2021-12-21 11:29:25.444root 11241100x8000000000000000534043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe277881eed7c4f2021-12-21 11:29:25.444root 11241100x8000000000000000534044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e6380c45a8158c2021-12-21 11:29:25.444root 11241100x8000000000000000534045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f69ed95207731c12021-12-21 11:29:25.444root 11241100x8000000000000000534046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2615222cfe488d52021-12-21 11:29:25.444root 11241100x8000000000000000534047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e2ae6ab08f0ea82021-12-21 11:29:25.444root 11241100x8000000000000000534048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6477c286eb55ad002021-12-21 11:29:25.444root 11241100x8000000000000000534049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c747b615ab2168712021-12-21 11:29:25.444root 11241100x8000000000000000534050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01d289cdabf89f92021-12-21 11:29:25.444root 11241100x8000000000000000534051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739c02759d9f46362021-12-21 11:29:25.444root 11241100x8000000000000000534052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ae2511b6cdc69e2021-12-21 11:29:25.444root 11241100x8000000000000000534053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b3d2c0fadabc382021-12-21 11:29:25.444root 354300x8000000000000000534054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.467{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35676-false10.0.1.12-8089- 11241100x8000000000000000534055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073613a51e59077c2021-12-21 11:29:25.943root 11241100x8000000000000000534056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e095a04fa452e9e02021-12-21 11:29:25.943root 11241100x8000000000000000534057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699bbf9a3cb62fe52021-12-21 11:29:25.944root 11241100x8000000000000000534058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0552ee0c5edcc7692021-12-21 11:29:25.944root 11241100x8000000000000000534059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696697f88804a8ca2021-12-21 11:29:25.944root 11241100x8000000000000000534060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fd5e5d0d2a357a2021-12-21 11:29:25.944root 11241100x8000000000000000534061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da49890f51f0f9b42021-12-21 11:29:25.944root 11241100x8000000000000000534062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ede395f8d0b1b992021-12-21 11:29:25.944root 11241100x8000000000000000534063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f4c01500cc34152021-12-21 11:29:25.944root 11241100x8000000000000000534064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148dffc821c78fef2021-12-21 11:29:25.945root 11241100x8000000000000000534065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3c4f5fc34718712021-12-21 11:29:25.945root 11241100x8000000000000000534066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25ec49cf6198fdc2021-12-21 11:29:25.945root 11241100x8000000000000000534067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291a752b9f04fc1e2021-12-21 11:29:25.945root 11241100x8000000000000000534068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a41b4d3bc96c5d2021-12-21 11:29:25.945root 11241100x8000000000000000534069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea2d8f8b064bfd22021-12-21 11:29:25.945root 11241100x8000000000000000534070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd9303dd049c5cb2021-12-21 11:29:25.945root 11241100x8000000000000000534071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad835c94a70a4852021-12-21 11:29:25.945root 11241100x8000000000000000534072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7e8b3335132ace2021-12-21 11:29:25.945root 11241100x8000000000000000534073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9b9e101cae08b82021-12-21 11:29:25.945root 11241100x8000000000000000534074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7352622dcef4a92021-12-21 11:29:25.945root 11241100x8000000000000000534075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c50c92ba5a65bb22021-12-21 11:29:26.443root 11241100x8000000000000000534076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6956ac8686e72812021-12-21 11:29:26.443root 11241100x8000000000000000534077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe87f374113ad072021-12-21 11:29:26.443root 11241100x8000000000000000534078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1add47fcf224e6132021-12-21 11:29:26.443root 11241100x8000000000000000534079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d3562d5bf42dc12021-12-21 11:29:26.444root 11241100x8000000000000000534080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd2d23b047d7a52021-12-21 11:29:26.444root 11241100x8000000000000000534081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e5ee4575f5ec4f2021-12-21 11:29:26.444root 11241100x8000000000000000534082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2507d7cb3ffc24e42021-12-21 11:29:26.444root 11241100x8000000000000000534083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322268f4387ad1992021-12-21 11:29:26.444root 11241100x8000000000000000534084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022e9530d60a73232021-12-21 11:29:26.444root 11241100x8000000000000000534085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aaa1a22a494fa12021-12-21 11:29:26.444root 11241100x8000000000000000534086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff9cb3e96bebe262021-12-21 11:29:26.444root 11241100x8000000000000000534087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc285e91de56f872021-12-21 11:29:26.444root 11241100x8000000000000000534088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eca0a9a1e6e1f42021-12-21 11:29:26.444root 11241100x8000000000000000534089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed9e608a451f6ca2021-12-21 11:29:26.444root 11241100x8000000000000000534090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40bd1534fb7c7a82021-12-21 11:29:26.444root 11241100x8000000000000000534091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4d4f244ef7cace2021-12-21 11:29:26.444root 11241100x8000000000000000534092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e6710adb6998ed2021-12-21 11:29:26.444root 11241100x8000000000000000534093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e1af5a4afce24f2021-12-21 11:29:26.444root 11241100x8000000000000000534094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5e5768fd08eaee2021-12-21 11:29:26.444root 11241100x8000000000000000534095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba61901b4bfadd832021-12-21 11:29:26.943root 11241100x8000000000000000534096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ea46a3a2c4c18c2021-12-21 11:29:26.943root 11241100x8000000000000000534097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8857e8f1780b58502021-12-21 11:29:26.943root 11241100x8000000000000000534098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac2ca8739e30fd22021-12-21 11:29:26.943root 11241100x8000000000000000534099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19710f52b06a7fb72021-12-21 11:29:26.943root 11241100x8000000000000000534100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7181c675d5af2a2021-12-21 11:29:26.944root 11241100x8000000000000000534101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df9d10a39ef24a02021-12-21 11:29:26.944root 11241100x8000000000000000534102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7438a1266fa63d702021-12-21 11:29:26.944root 11241100x8000000000000000534103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6b1f4f0d84fb072021-12-21 11:29:26.944root 11241100x8000000000000000534104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad82c6e028cc20fa2021-12-21 11:29:26.944root 11241100x8000000000000000534105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec4f1ffc17ff25c2021-12-21 11:29:26.944root 11241100x8000000000000000534106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e9cfcb8996cdcd2021-12-21 11:29:26.944root 11241100x8000000000000000534107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6742c1f08a929f162021-12-21 11:29:26.944root 11241100x8000000000000000534108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22c8cef199e15362021-12-21 11:29:26.944root 11241100x8000000000000000534109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c2532c39d195792021-12-21 11:29:26.945root 11241100x8000000000000000534110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8884cecbf7202ad2021-12-21 11:29:26.945root 11241100x8000000000000000534111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69224b17c3eb14bd2021-12-21 11:29:26.945root 11241100x8000000000000000534112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175c123cb484cfeb2021-12-21 11:29:26.945root 11241100x8000000000000000534113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c0452eff62d2672021-12-21 11:29:26.945root 11241100x8000000000000000534114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9bd76387f594d62021-12-21 11:29:26.945root 11241100x8000000000000000534115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963ffe1c60b52b4c2021-12-21 11:29:27.442root 11241100x8000000000000000534116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def697e27f330a882021-12-21 11:29:27.443root 11241100x8000000000000000534117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8a9150e90ab1042021-12-21 11:29:27.443root 11241100x8000000000000000534118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d227670c4a2ecd2021-12-21 11:29:27.443root 11241100x8000000000000000534119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f99591fa8d203a2021-12-21 11:29:27.443root 11241100x8000000000000000534120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26593fa2dd7b83f32021-12-21 11:29:27.444root 11241100x8000000000000000534121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447b317cde1b368e2021-12-21 11:29:27.444root 11241100x8000000000000000534122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a3cd9110c13f1a2021-12-21 11:29:27.444root 11241100x8000000000000000534123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9d7222a9489ede2021-12-21 11:29:27.444root 11241100x8000000000000000534124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e5a168e280bfee2021-12-21 11:29:27.444root 11241100x8000000000000000534125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3c16fdb5bc4fb02021-12-21 11:29:27.444root 11241100x8000000000000000534126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1743de7e06a5ec2021-12-21 11:29:27.445root 11241100x8000000000000000534127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896c8ff68b69f5072021-12-21 11:29:27.445root 11241100x8000000000000000534128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec460bd07bbc87852021-12-21 11:29:27.445root 11241100x8000000000000000534129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6f201f93c0aa442021-12-21 11:29:27.445root 11241100x8000000000000000534130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c070d1e7caf9f3c2021-12-21 11:29:27.445root 11241100x8000000000000000534131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66de23756c7046e2021-12-21 11:29:27.445root 11241100x8000000000000000534132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3a08055f5e4d092021-12-21 11:29:27.445root 11241100x8000000000000000534133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b7c2db0f57171c2021-12-21 11:29:27.445root 11241100x8000000000000000534134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9d5f163d731e582021-12-21 11:29:27.445root 11241100x8000000000000000534135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e038e73653ec96772021-12-21 11:29:27.445root 11241100x8000000000000000534136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addea987d604b8e32021-12-21 11:29:27.445root 11241100x8000000000000000534137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d698f89bb46a32bc2021-12-21 11:29:27.445root 11241100x8000000000000000534138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e1c308be5f47aa2021-12-21 11:29:27.446root 11241100x8000000000000000534139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e7b93297e71f7f2021-12-21 11:29:27.446root 11241100x8000000000000000534140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228881c93d6ab8802021-12-21 11:29:27.446root 11241100x8000000000000000534141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb0feac61d38b3d2021-12-21 11:29:27.943root 11241100x8000000000000000534142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b906cab17451a0e92021-12-21 11:29:27.943root 11241100x8000000000000000534143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c85bcf326d3eea2021-12-21 11:29:27.943root 11241100x8000000000000000534144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca7d922cc9e05452021-12-21 11:29:27.943root 11241100x8000000000000000534145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa066b0e680419572021-12-21 11:29:27.943root 11241100x8000000000000000534146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a24f46a8768f2062021-12-21 11:29:27.944root 11241100x8000000000000000534147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfa636cf879f9922021-12-21 11:29:27.944root 11241100x8000000000000000534148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8612d3625b06dc2021-12-21 11:29:27.944root 11241100x8000000000000000534149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09cd10d740676952021-12-21 11:29:27.944root 11241100x8000000000000000534150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc73488ad895492021-12-21 11:29:27.944root 11241100x8000000000000000534151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2472e09f1350732021-12-21 11:29:27.944root 11241100x8000000000000000534152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcef2c6609b8c53f2021-12-21 11:29:27.944root 11241100x8000000000000000534153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11742093bb84155d2021-12-21 11:29:27.944root 11241100x8000000000000000534154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636d82c90018ca692021-12-21 11:29:27.945root 11241100x8000000000000000534155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71de64cf0ccccd6d2021-12-21 11:29:27.945root 11241100x8000000000000000534156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddee589984326622021-12-21 11:29:27.945root 11241100x8000000000000000534157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047280e893e93ca62021-12-21 11:29:27.945root 11241100x8000000000000000534158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef72fe1539f99012021-12-21 11:29:27.945root 11241100x8000000000000000534159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fabb3d3c42002172021-12-21 11:29:27.945root 11241100x8000000000000000534160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f713a27c2c31212021-12-21 11:29:27.945root 354300x8000000000000000534161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.017{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48614-false10.0.1.12-8000- 11241100x8000000000000000534162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395e0237453535372021-12-21 11:29:28.443root 11241100x8000000000000000534163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dfbc280c16de4e2021-12-21 11:29:28.443root 11241100x8000000000000000534164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898615e8a17efa0d2021-12-21 11:29:28.443root 11241100x8000000000000000534165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ea38be71ab96bc2021-12-21 11:29:28.443root 11241100x8000000000000000534166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe35e890af889202021-12-21 11:29:28.443root 11241100x8000000000000000534167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d48f9180da7580a2021-12-21 11:29:28.443root 11241100x8000000000000000534168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282bc8a3082684d42021-12-21 11:29:28.443root 11241100x8000000000000000534169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16179e583448f8862021-12-21 11:29:28.443root 11241100x8000000000000000534170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a025356e4199b37f2021-12-21 11:29:28.444root 11241100x8000000000000000534171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c550b64582b1f72021-12-21 11:29:28.444root 11241100x8000000000000000534172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a106eb89ea31f44c2021-12-21 11:29:28.444root 11241100x8000000000000000534173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d85370c0a7d7b8e2021-12-21 11:29:28.444root 11241100x8000000000000000534174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27491930b4d237082021-12-21 11:29:28.444root 11241100x8000000000000000534175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98444a0c2380031c2021-12-21 11:29:28.444root 11241100x8000000000000000534176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59af4a75ee4ced42021-12-21 11:29:28.444root 11241100x8000000000000000534177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b9d3191cd5d42b2021-12-21 11:29:28.444root 11241100x8000000000000000534178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f2aed4d75776f02021-12-21 11:29:28.444root 11241100x8000000000000000534179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984ca1e435c6bb602021-12-21 11:29:28.444root 11241100x8000000000000000534180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b2f45d47af8acd2021-12-21 11:29:28.444root 11241100x8000000000000000534181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230269865f4858412021-12-21 11:29:28.445root 11241100x8000000000000000534182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9601073cf8eb57912021-12-21 11:29:28.445root 11241100x8000000000000000534183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7b66a83378aacd2021-12-21 11:29:28.445root 11241100x8000000000000000534184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661f1ebbf2c01ae32021-12-21 11:29:28.445root 11241100x8000000000000000534185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088cb33adb0396c2021-12-21 11:29:28.445root 11241100x8000000000000000534186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ad03742e3381212021-12-21 11:29:28.445root 11241100x8000000000000000534187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a230457992a09c2021-12-21 11:29:28.445root 11241100x8000000000000000534188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec2e47a1386e702021-12-21 11:29:28.445root 11241100x8000000000000000534189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140466e4bb9802a82021-12-21 11:29:28.445root 11241100x8000000000000000534190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38402118c9b6cd742021-12-21 11:29:28.445root 11241100x8000000000000000534191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22420209945753512021-12-21 11:29:28.445root 11241100x8000000000000000534192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d58390da8042e42021-12-21 11:29:28.446root 11241100x8000000000000000534193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf9be650ab1ae412021-12-21 11:29:28.446root 11241100x8000000000000000534194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699eb4a980a87b9e2021-12-21 11:29:28.446root 11241100x8000000000000000534195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6fbaf06f00ee0b2021-12-21 11:29:28.446root 11241100x8000000000000000534196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983867126c529eba2021-12-21 11:29:28.446root 11241100x8000000000000000534197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a92abce4a3d6fe22021-12-21 11:29:28.446root 11241100x8000000000000000534198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef569907e1ba5c7f2021-12-21 11:29:28.446root 11241100x8000000000000000534199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f903d8c672853a7c2021-12-21 11:29:28.446root 11241100x8000000000000000534200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64ced7b178e7cc12021-12-21 11:29:28.447root 11241100x8000000000000000534201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192134e5da34af1a2021-12-21 11:29:28.447root 11241100x8000000000000000534202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22894b3efd9d27a72021-12-21 11:29:28.447root 11241100x8000000000000000534203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace32b8eb759823a2021-12-21 11:29:28.447root 11241100x8000000000000000534204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd0577ebcd29d312021-12-21 11:29:28.447root 11241100x8000000000000000534205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ecaf44a4999d2a2021-12-21 11:29:28.447root 11241100x8000000000000000534206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c291330e01845e82021-12-21 11:29:28.447root 11241100x8000000000000000534207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3d5430d0b536b22021-12-21 11:29:28.447root 11241100x8000000000000000534208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6e0a878d3ee5602021-12-21 11:29:28.943root 11241100x8000000000000000534209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fa3ef0d292e2c62021-12-21 11:29:28.943root 11241100x8000000000000000534210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a749c42bb6ccdbe2021-12-21 11:29:28.943root 11241100x8000000000000000534211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b20dac6e2c3e4232021-12-21 11:29:28.943root 11241100x8000000000000000534212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff655c36add091312021-12-21 11:29:28.943root 11241100x8000000000000000534213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2437d99c1d2a7702021-12-21 11:29:28.943root 11241100x8000000000000000534214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b94d83751351a02021-12-21 11:29:28.944root 11241100x8000000000000000534215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51eb692853e8c6842021-12-21 11:29:28.944root 11241100x8000000000000000534216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34374ebf5f4f3a6b2021-12-21 11:29:28.944root 11241100x8000000000000000534217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a43f9147a47f52021-12-21 11:29:28.944root 11241100x8000000000000000534218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dd1d9be7ff71472021-12-21 11:29:28.944root 11241100x8000000000000000534219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7adf9e24d5d9372021-12-21 11:29:28.944root 11241100x8000000000000000534220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a32d6cd8425d1fa2021-12-21 11:29:28.944root 11241100x8000000000000000534221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec8bdfda7d5483b2021-12-21 11:29:28.944root 11241100x8000000000000000534222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28c016e6023724f2021-12-21 11:29:28.944root 11241100x8000000000000000534223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74ec3d86cbb64832021-12-21 11:29:28.944root 11241100x8000000000000000534224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c00909b792cac7c2021-12-21 11:29:28.945root 11241100x8000000000000000534225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e484c274ac740ee92021-12-21 11:29:28.945root 11241100x8000000000000000534226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0880dda634630c2021-12-21 11:29:28.945root 11241100x8000000000000000534227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411e8856162194552021-12-21 11:29:28.945root 11241100x8000000000000000534228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac457a08222ef832021-12-21 11:29:28.945root 11241100x8000000000000000534229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f326c3b792c96c2021-12-21 11:29:28.945root 11241100x8000000000000000534230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b54183f83e7c1c52021-12-21 11:29:28.945root 11241100x8000000000000000534231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2796e265c9fe9d5b2021-12-21 11:29:28.945root 11241100x8000000000000000534232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b037e9936f13c56b2021-12-21 11:29:29.443root 11241100x8000000000000000534233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0e8a07bd1b37252021-12-21 11:29:29.443root 11241100x8000000000000000534234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad015a1277a4d2b02021-12-21 11:29:29.443root 11241100x8000000000000000534235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cc44d013e9a7b92021-12-21 11:29:29.443root 11241100x8000000000000000534236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc1cdafcb00e4b82021-12-21 11:29:29.444root 11241100x8000000000000000534237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa136c2b1ac0772021-12-21 11:29:29.444root 11241100x8000000000000000534238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d41daa6640dd8222021-12-21 11:29:29.444root 11241100x8000000000000000534239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6dd7a6cff75692021-12-21 11:29:29.444root 11241100x8000000000000000534240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eced7e7ecfbb139f2021-12-21 11:29:29.444root 11241100x8000000000000000534241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7878e9c95b1f2cdc2021-12-21 11:29:29.444root 11241100x8000000000000000534242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1d2958c7a6513b2021-12-21 11:29:29.444root 11241100x8000000000000000534243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0957a26b1447d16c2021-12-21 11:29:29.444root 11241100x8000000000000000534244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3701580534bde1c82021-12-21 11:29:29.444root 11241100x8000000000000000534245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e14d4e4141ace462021-12-21 11:29:29.444root 11241100x8000000000000000534246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8a4b75fc44297c2021-12-21 11:29:29.444root 11241100x8000000000000000534247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635906701257527f2021-12-21 11:29:29.444root 11241100x8000000000000000534248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266fa598cf6bad9b2021-12-21 11:29:29.444root 11241100x8000000000000000534249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806c27356c0445232021-12-21 11:29:29.444root 11241100x8000000000000000534250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c20c286aa9d4aa72021-12-21 11:29:29.444root 11241100x8000000000000000534251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914324d9d46e50b62021-12-21 11:29:29.444root 11241100x8000000000000000534252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a72545265bb5152021-12-21 11:29:29.445root 11241100x8000000000000000534253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10676e49be1fbe92021-12-21 11:29:29.943root 11241100x8000000000000000534254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddea79170962692e2021-12-21 11:29:29.943root 11241100x8000000000000000534255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6b0b3cdd9e61542021-12-21 11:29:29.943root 11241100x8000000000000000534256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5357bad0b119f472021-12-21 11:29:29.943root 11241100x8000000000000000534257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79009fa7a054f4c2021-12-21 11:29:29.943root 11241100x8000000000000000534258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9abc07d38aac7ca2021-12-21 11:29:29.944root 11241100x8000000000000000534259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c57766505d19762021-12-21 11:29:29.944root 11241100x8000000000000000534260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3d4a98b94bc6992021-12-21 11:29:29.944root 11241100x8000000000000000534261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e96381aa065a5de2021-12-21 11:29:29.944root 11241100x8000000000000000534262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ca9630ba82e7be2021-12-21 11:29:29.944root 11241100x8000000000000000534263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21f6479b6afd0932021-12-21 11:29:29.944root 11241100x8000000000000000534264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac4b654167ba902021-12-21 11:29:29.944root 11241100x8000000000000000534265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbd24448bab9d882021-12-21 11:29:29.944root 11241100x8000000000000000534266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c12c37e28356c2021-12-21 11:29:29.944root 11241100x8000000000000000534267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0913602359f1e8c12021-12-21 11:29:29.944root 11241100x8000000000000000534268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79b410b31f085072021-12-21 11:29:29.945root 11241100x8000000000000000534269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e6452528e8de652021-12-21 11:29:29.945root 11241100x8000000000000000534270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac49eeef74389462021-12-21 11:29:29.945root 11241100x8000000000000000534271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244b2097fd40744d2021-12-21 11:29:29.945root 11241100x8000000000000000534272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfb5e52607b7dbe2021-12-21 11:29:29.945root 11241100x8000000000000000534273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79b33cd2633b7292021-12-21 11:29:29.946root 11241100x8000000000000000534274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a857075d181298a52021-12-21 11:29:30.443root 11241100x8000000000000000534275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8278105dec9e0f72021-12-21 11:29:30.443root 11241100x8000000000000000534276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c5ef8b6d9ccf9e2021-12-21 11:29:30.444root 11241100x8000000000000000534277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b9a7906c5b17a12021-12-21 11:29:30.444root 11241100x8000000000000000534278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad0bc6cf1ad6e3b2021-12-21 11:29:30.444root 11241100x8000000000000000534279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2f7722a5060ad52021-12-21 11:29:30.444root 11241100x8000000000000000534280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a46c5f6c18887b2021-12-21 11:29:30.444root 11241100x8000000000000000534281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe98f84701f15a22021-12-21 11:29:30.445root 11241100x8000000000000000534282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d8d90b9f695d572021-12-21 11:29:30.445root 11241100x8000000000000000534283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee9c6cd1aa12dd32021-12-21 11:29:30.445root 11241100x8000000000000000534284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae547620e97f0cb62021-12-21 11:29:30.445root 11241100x8000000000000000534285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde10960f3def09c2021-12-21 11:29:30.445root 11241100x8000000000000000534286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cb0fdc889607382021-12-21 11:29:30.445root 11241100x8000000000000000534287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713b73fa0167af9c2021-12-21 11:29:30.445root 11241100x8000000000000000534288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dc575ff55052012021-12-21 11:29:30.445root 11241100x8000000000000000534289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e932941f04b7a4552021-12-21 11:29:30.445root 11241100x8000000000000000534290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89d7eb6ce373de62021-12-21 11:29:30.445root 11241100x8000000000000000534291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decdef4c146fa48a2021-12-21 11:29:30.445root 11241100x8000000000000000534292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80663b809d287a02021-12-21 11:29:30.445root 11241100x8000000000000000534293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd2a4dc6222b45c2021-12-21 11:29:30.445root 11241100x8000000000000000534294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dfac7dc85da0ac2021-12-21 11:29:30.445root 11241100x8000000000000000534295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe524dc546762432021-12-21 11:29:30.943root 11241100x8000000000000000534296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759da4d37d6f72d22021-12-21 11:29:30.943root 11241100x8000000000000000534297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54bf196c53e205d2021-12-21 11:29:30.943root 11241100x8000000000000000534298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338ecc4fcca9115d2021-12-21 11:29:30.943root 11241100x8000000000000000534299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efed76faf6763e52021-12-21 11:29:30.944root 11241100x8000000000000000534300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c36fff16956bb82021-12-21 11:29:30.944root 11241100x8000000000000000534301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a934bda0bbe7b1a2021-12-21 11:29:30.944root 11241100x8000000000000000534302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7137c69a658409332021-12-21 11:29:30.944root 11241100x8000000000000000534303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de62d8bf3f75e4ad2021-12-21 11:29:30.944root 11241100x8000000000000000534304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bff0d71d15f5262021-12-21 11:29:30.944root 11241100x8000000000000000534305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598695a21df1cc172021-12-21 11:29:30.944root 11241100x8000000000000000534306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b6e30b3ac5be0f2021-12-21 11:29:30.944root 11241100x8000000000000000534307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe2b61e6cb2e9002021-12-21 11:29:30.944root 11241100x8000000000000000534308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71021363ec8595b82021-12-21 11:29:30.944root 11241100x8000000000000000534309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63c87bd144aff082021-12-21 11:29:30.944root 11241100x8000000000000000534310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040e4a0741e02a6b2021-12-21 11:29:30.944root 11241100x8000000000000000534311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fd75c8de0ba1812021-12-21 11:29:30.945root 11241100x8000000000000000534312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c6d7e95408aa492021-12-21 11:29:30.945root 11241100x8000000000000000534313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d2c82a47fb7ff12021-12-21 11:29:30.945root 11241100x8000000000000000534314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19302885d3627c7e2021-12-21 11:29:30.945root 11241100x8000000000000000534315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bd7d66db6d40f82021-12-21 11:29:30.945root 11241100x8000000000000000534316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b4a916b22479ad2021-12-21 11:29:31.443root 11241100x8000000000000000534317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7915b264b7ebc9672021-12-21 11:29:31.443root 11241100x8000000000000000534318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ff68c222e438862021-12-21 11:29:31.443root 11241100x8000000000000000534319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a506b8ebf2c38672021-12-21 11:29:31.444root 11241100x8000000000000000534320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee93308048e73362021-12-21 11:29:31.444root 11241100x8000000000000000534321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48612b24a9d53da32021-12-21 11:29:31.444root 11241100x8000000000000000534322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf80196390619622021-12-21 11:29:31.444root 11241100x8000000000000000534323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f038f03ff2a9b612021-12-21 11:29:31.444root 11241100x8000000000000000534324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1153bbd5d416c7c2021-12-21 11:29:31.444root 11241100x8000000000000000534325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac7ac3b42a6450e2021-12-21 11:29:31.445root 11241100x8000000000000000534326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac563a750cd800e2021-12-21 11:29:31.445root 11241100x8000000000000000534327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e337e83bdb68e4fa2021-12-21 11:29:31.445root 11241100x8000000000000000534328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f0c73411036c682021-12-21 11:29:31.445root 11241100x8000000000000000534329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d51661da24b45b2021-12-21 11:29:31.445root 11241100x8000000000000000534330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5906a3e01706502021-12-21 11:29:31.445root 11241100x8000000000000000534331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8600447c3c449ca2021-12-21 11:29:31.446root 11241100x8000000000000000534332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4571d7b234cdfb0c2021-12-21 11:29:31.446root 11241100x8000000000000000534333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bf33cc87c0ba4f2021-12-21 11:29:31.446root 11241100x8000000000000000534334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1e6734f2720f5f2021-12-21 11:29:31.446root 11241100x8000000000000000534335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea10cf3e74ac402021-12-21 11:29:31.446root 11241100x8000000000000000534336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9497b3bf0cbd5b42021-12-21 11:29:31.446root 11241100x8000000000000000534337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f02d1cbab16a902021-12-21 11:29:31.943root 11241100x8000000000000000534338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29851ecbc72cd3d42021-12-21 11:29:31.943root 11241100x8000000000000000534339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d27c7d69cd91f02021-12-21 11:29:31.943root 11241100x8000000000000000534340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00b7b05a37db5792021-12-21 11:29:31.943root 11241100x8000000000000000534341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da01991d934b2b82021-12-21 11:29:31.944root 11241100x8000000000000000534342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28122615a5b186a62021-12-21 11:29:31.944root 11241100x8000000000000000534343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e793c6468550d2021-12-21 11:29:31.944root 11241100x8000000000000000534344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039e2d7a0c46a0352021-12-21 11:29:31.944root 11241100x8000000000000000534345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566f4347f114d09f2021-12-21 11:29:31.944root 11241100x8000000000000000534346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafaeb89433476d22021-12-21 11:29:31.945root 11241100x8000000000000000534347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72ddf83e64f3b22021-12-21 11:29:31.945root 11241100x8000000000000000534348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a672d0f811ba0ba2021-12-21 11:29:31.945root 11241100x8000000000000000534349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f062a2ca6035aa32021-12-21 11:29:31.945root 11241100x8000000000000000534350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a3c5468ca722912021-12-21 11:29:31.945root 11241100x8000000000000000534351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b805ac2cd33cbd92021-12-21 11:29:31.945root 11241100x8000000000000000534352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3dec5aeee9f4b52021-12-21 11:29:31.945root 11241100x8000000000000000534353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c48f08c720c1042021-12-21 11:29:31.945root 11241100x8000000000000000534354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0091d3b3d08461b02021-12-21 11:29:31.945root 11241100x8000000000000000534355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa508eb6ddb9662d2021-12-21 11:29:31.945root 11241100x8000000000000000534356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e89867d6286ece22021-12-21 11:29:31.945root 11241100x8000000000000000534357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6047b5e08ce72292021-12-21 11:29:31.945root 11241100x8000000000000000534358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44c7c4ef155e2ac2021-12-21 11:29:31.945root 11241100x8000000000000000534359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eaff25b531cfb42021-12-21 11:29:31.946root 11241100x8000000000000000534360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81ae1bc11f4efed2021-12-21 11:29:31.946root 11241100x8000000000000000534361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9fed9ed47c961c2021-12-21 11:29:31.946root 11241100x8000000000000000534362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dcb607847e1d3e2021-12-21 11:29:32.443root 11241100x8000000000000000534363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13af9951eda4dd792021-12-21 11:29:32.443root 11241100x8000000000000000534364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a011259c986b7c62021-12-21 11:29:32.443root 11241100x8000000000000000534365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ef8d117d70af72021-12-21 11:29:32.443root 11241100x8000000000000000534366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2414e8c83cb041c72021-12-21 11:29:32.443root 11241100x8000000000000000534367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bab8942da75f2e2021-12-21 11:29:32.443root 11241100x8000000000000000534368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f55e08715e2e12021-12-21 11:29:32.443root 11241100x8000000000000000534369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad907f56ea8576be2021-12-21 11:29:32.443root 11241100x8000000000000000534370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b594e7815dedb52021-12-21 11:29:32.443root 11241100x8000000000000000534371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f786ddc12e7a402021-12-21 11:29:32.444root 11241100x8000000000000000534372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd2099ebcec5f192021-12-21 11:29:32.444root 11241100x8000000000000000534373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e4b69708abea2f2021-12-21 11:29:32.444root 11241100x8000000000000000534374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07cdd732635def2021-12-21 11:29:32.444root 11241100x8000000000000000534375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5da9ae40af299f62021-12-21 11:29:32.444root 11241100x8000000000000000534376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d333bf5cf2533e472021-12-21 11:29:32.444root 11241100x8000000000000000534377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83b53329655d4ab2021-12-21 11:29:32.444root 11241100x8000000000000000534378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4853c0a625c01a2021-12-21 11:29:32.444root 11241100x8000000000000000534379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1d325da2379fed2021-12-21 11:29:32.445root 11241100x8000000000000000534380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1218665aee08acc2021-12-21 11:29:32.445root 11241100x8000000000000000534381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1733c0f258b1f0d2021-12-21 11:29:32.445root 11241100x8000000000000000534382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e262cc90f2db352021-12-21 11:29:32.445root 11241100x8000000000000000534383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf44022b1b1b6402021-12-21 11:29:32.445root 11241100x8000000000000000534384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4629e03f5d32bce2021-12-21 11:29:32.445root 11241100x8000000000000000534385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d68ce02af83b0b2021-12-21 11:29:32.445root 11241100x8000000000000000534386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ae8712be724ff22021-12-21 11:29:32.445root 11241100x8000000000000000534387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3bc2899f0771ed2021-12-21 11:29:32.445root 11241100x8000000000000000534388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f32b1382cde99a2021-12-21 11:29:32.445root 11241100x8000000000000000534389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58aebeef73968802021-12-21 11:29:32.446root 11241100x8000000000000000534390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4af06b111dbeee2021-12-21 11:29:32.446root 11241100x8000000000000000534391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97403e74ae364ad2021-12-21 11:29:32.446root 11241100x8000000000000000534392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20eba0f0b02c1c72021-12-21 11:29:32.446root 11241100x8000000000000000534393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2ffa8bff164ad52021-12-21 11:29:32.446root 11241100x8000000000000000534394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587eb904d5b119cb2021-12-21 11:29:32.446root 11241100x8000000000000000534395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9ba21f7148880e2021-12-21 11:29:32.446root 11241100x8000000000000000534396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdb434ac6a3a16a2021-12-21 11:29:32.446root 11241100x8000000000000000534397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7fca1b6dbeaf1e2021-12-21 11:29:32.446root 11241100x8000000000000000534398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8258d1910c72702021-12-21 11:29:32.446root 11241100x8000000000000000534399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac615488cf7033b2021-12-21 11:29:32.446root 11241100x8000000000000000534400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f74ecca959d6e772021-12-21 11:29:32.943root 11241100x8000000000000000534401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e97fa5901cf0d92021-12-21 11:29:32.943root 11241100x8000000000000000534402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d82dd393ba0eb72021-12-21 11:29:32.943root 11241100x8000000000000000534403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd203376fa12341c2021-12-21 11:29:32.943root 11241100x8000000000000000534404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5af053db403e612021-12-21 11:29:32.943root 11241100x8000000000000000534405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009dda19bb8f17092021-12-21 11:29:32.943root 11241100x8000000000000000534406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5feae54c76d4d42021-12-21 11:29:32.944root 11241100x8000000000000000534407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4740390a29bac1172021-12-21 11:29:32.944root 11241100x8000000000000000534408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4c8eb441775bbc2021-12-21 11:29:32.944root 11241100x8000000000000000534409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45253040d7cb1dfc2021-12-21 11:29:32.944root 11241100x8000000000000000534410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd182e6173535a32021-12-21 11:29:32.944root 11241100x8000000000000000534411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62806e33d9bcb22e2021-12-21 11:29:32.945root 11241100x8000000000000000534412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33127600f1e639b2021-12-21 11:29:32.945root 11241100x8000000000000000534413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cfa70bb9bcecb52021-12-21 11:29:32.945root 11241100x8000000000000000534414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345a27a424626ccf2021-12-21 11:29:32.945root 11241100x8000000000000000534415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2f562749d6ccf22021-12-21 11:29:32.945root 11241100x8000000000000000534416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ba40bdc32317b2021-12-21 11:29:32.945root 11241100x8000000000000000534417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386f210fabc25a9a2021-12-21 11:29:32.946root 11241100x8000000000000000534418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957641b92d3047812021-12-21 11:29:32.946root 11241100x8000000000000000534419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c307866c3863f62021-12-21 11:29:32.946root 11241100x8000000000000000534420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291738ef42092a192021-12-21 11:29:32.946root 11241100x8000000000000000534421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c31d03d99965d442021-12-21 11:29:32.946root 11241100x8000000000000000534422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59232d505326a202021-12-21 11:29:32.946root 11241100x8000000000000000534423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfb8de83b1311492021-12-21 11:29:32.947root 11241100x8000000000000000534424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237e8c2e565c309f2021-12-21 11:29:32.947root 11241100x8000000000000000534425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06bc3eafdc92c642021-12-21 11:29:32.947root 11241100x8000000000000000534426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44678c15a4220f62021-12-21 11:29:32.947root 354300x8000000000000000534427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.067{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48616-false10.0.1.12-8000- 11241100x8000000000000000534428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf0f5374ae622b82021-12-21 11:29:33.443root 11241100x8000000000000000534429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076c95fb515462072021-12-21 11:29:33.443root 11241100x8000000000000000534430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390b7149d6d865482021-12-21 11:29:33.443root 11241100x8000000000000000534431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a9ef6e741bfc832021-12-21 11:29:33.443root 11241100x8000000000000000534432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e759ff3578d29132021-12-21 11:29:33.443root 11241100x8000000000000000534433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97c978e5f15ebaa2021-12-21 11:29:33.444root 11241100x8000000000000000534434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e68e1e2b6a994a92021-12-21 11:29:33.444root 11241100x8000000000000000534435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cf9f735faaafc72021-12-21 11:29:33.444root 11241100x8000000000000000534436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94012839c3e0ae7b2021-12-21 11:29:33.445root 11241100x8000000000000000534437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3724a2bf5a3f263f2021-12-21 11:29:33.445root 11241100x8000000000000000534438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97edb4f93e933292021-12-21 11:29:33.445root 11241100x8000000000000000534439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e069c089b36576d2021-12-21 11:29:33.445root 11241100x8000000000000000534440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c445af6231292d2021-12-21 11:29:33.445root 11241100x8000000000000000534441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c156cc984fbaf9c42021-12-21 11:29:33.445root 11241100x8000000000000000534442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fde4d2589dae8f2021-12-21 11:29:33.445root 11241100x8000000000000000534443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e612c83498c62782021-12-21 11:29:33.445root 11241100x8000000000000000534444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7604010615ad6712021-12-21 11:29:33.446root 11241100x8000000000000000534445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d7a26b8305429d2021-12-21 11:29:33.446root 11241100x8000000000000000534446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652a2a19571a69f42021-12-21 11:29:33.446root 11241100x8000000000000000534447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9733eed2b7b6c6372021-12-21 11:29:33.446root 11241100x8000000000000000534448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c50a3418e62404e2021-12-21 11:29:33.446root 11241100x8000000000000000534449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5bd8b9d05696e12021-12-21 11:29:33.446root 11241100x8000000000000000534450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe185beb7b45f8662021-12-21 11:29:33.943root 11241100x8000000000000000534451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01628d965edaf4132021-12-21 11:29:33.943root 11241100x8000000000000000534452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da886d507ffc5f5a2021-12-21 11:29:33.943root 11241100x8000000000000000534453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0ecbd371407f592021-12-21 11:29:33.943root 11241100x8000000000000000534454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc08479895f83be62021-12-21 11:29:33.944root 11241100x8000000000000000534455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8c0aa447f26a112021-12-21 11:29:33.944root 11241100x8000000000000000534456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3368e85d6e631dfb2021-12-21 11:29:33.944root 11241100x8000000000000000534457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dd4375dddcfa6d2021-12-21 11:29:33.944root 11241100x8000000000000000534458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3795106e5cc6352021-12-21 11:29:33.944root 11241100x8000000000000000534459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201dbeffa6434f072021-12-21 11:29:33.944root 11241100x8000000000000000534460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6811af8ecf5263a02021-12-21 11:29:33.945root 11241100x8000000000000000534461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702e3e1b2559e0592021-12-21 11:29:33.945root 11241100x8000000000000000534462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e0365013a017bd2021-12-21 11:29:33.945root 11241100x8000000000000000534463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cf7a345738f3182021-12-21 11:29:33.945root 11241100x8000000000000000534464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05fd42d22ad25692021-12-21 11:29:33.945root 11241100x8000000000000000534465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2890c436926a402021-12-21 11:29:33.946root 11241100x8000000000000000534466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20ff078b5289d052021-12-21 11:29:33.946root 11241100x8000000000000000534467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421455d133fb8c022021-12-21 11:29:33.946root 11241100x8000000000000000534468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96352c570c77b0cd2021-12-21 11:29:33.946root 11241100x8000000000000000534469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87efe2fc61d64cd62021-12-21 11:29:33.946root 11241100x8000000000000000534470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b666ae4f3d0ba62021-12-21 11:29:33.946root 11241100x8000000000000000534471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de123f6a8d310fc42021-12-21 11:29:33.946root 11241100x8000000000000000534472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aaffdb503430a32021-12-21 11:29:34.443root 11241100x8000000000000000534473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cbe5d289c81c252021-12-21 11:29:34.443root 11241100x8000000000000000534474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c898026c3adf91d82021-12-21 11:29:34.444root 11241100x8000000000000000534475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d668882054cc645d2021-12-21 11:29:34.444root 11241100x8000000000000000534476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0608529630f1daa52021-12-21 11:29:34.444root 11241100x8000000000000000534477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeee5e9dbeba04fb2021-12-21 11:29:34.444root 11241100x8000000000000000534478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a63b86abeaf29922021-12-21 11:29:34.444root 11241100x8000000000000000534479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213fd3138949df432021-12-21 11:29:34.445root 11241100x8000000000000000534480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36868d9c51b99b992021-12-21 11:29:34.445root 11241100x8000000000000000534481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11e0c4e328fa8072021-12-21 11:29:34.445root 11241100x8000000000000000534482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be3333e937c8f4b2021-12-21 11:29:34.445root 11241100x8000000000000000534483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b502a25402d2652021-12-21 11:29:34.445root 11241100x8000000000000000534484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3d98ebea281f8f2021-12-21 11:29:34.445root 11241100x8000000000000000534485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9531fe3b87a5e04b2021-12-21 11:29:34.445root 11241100x8000000000000000534486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fe99aca59464332021-12-21 11:29:34.445root 11241100x8000000000000000534487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26231a273214bd702021-12-21 11:29:34.445root 11241100x8000000000000000534488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6cf02740f63a992021-12-21 11:29:34.445root 11241100x8000000000000000534489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f5e687b0f154232021-12-21 11:29:34.445root 11241100x8000000000000000534490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3611187ba29ed2021-12-21 11:29:34.445root 11241100x8000000000000000534491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1c675c6364ef2e2021-12-21 11:29:34.445root 11241100x8000000000000000534492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e056ac5ac36eaf52021-12-21 11:29:34.446root 11241100x8000000000000000534493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d203c0cfb442d32021-12-21 11:29:34.446root 11241100x8000000000000000534494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbd70be210485452021-12-21 11:29:34.943root 11241100x8000000000000000534495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e8edb79a6232592021-12-21 11:29:34.943root 11241100x8000000000000000534496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931716603aedc1842021-12-21 11:29:34.943root 11241100x8000000000000000534497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f992d0b1298592021-12-21 11:29:34.943root 11241100x8000000000000000534498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13c85051b4234472021-12-21 11:29:34.943root 11241100x8000000000000000534499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae38422329c06962021-12-21 11:29:34.943root 11241100x8000000000000000534500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5950a781fd58e30b2021-12-21 11:29:34.943root 11241100x8000000000000000534501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05ee86dbed761f32021-12-21 11:29:34.944root 11241100x8000000000000000534502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aaa1d7d72dbed72021-12-21 11:29:34.944root 11241100x8000000000000000534503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbc7dbadd58d3362021-12-21 11:29:34.944root 11241100x8000000000000000534504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cf91f451710aed2021-12-21 11:29:34.944root 11241100x8000000000000000534505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68d9f506fe837fa2021-12-21 11:29:34.944root 11241100x8000000000000000534506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325176697a15c0952021-12-21 11:29:34.944root 11241100x8000000000000000534507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c987fd8ca741990f2021-12-21 11:29:34.944root 11241100x8000000000000000534508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ba9d95da4dee092021-12-21 11:29:34.944root 11241100x8000000000000000534509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d252fbc961853432021-12-21 11:29:34.945root 11241100x8000000000000000534510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e153fc0bf33702d2021-12-21 11:29:34.945root 11241100x8000000000000000534511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525ea73c87425212021-12-21 11:29:34.945root 11241100x8000000000000000534512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed2f72706e1f21a2021-12-21 11:29:34.945root 11241100x8000000000000000534513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b6b3ab73a7e9922021-12-21 11:29:34.945root 11241100x8000000000000000534514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43de0e3057b12f0e2021-12-21 11:29:34.945root 11241100x8000000000000000534515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99e2c4ff56fa2a82021-12-21 11:29:34.945root 11241100x8000000000000000534516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9fc89ad28632ab2021-12-21 11:29:34.945root 11241100x8000000000000000534517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4f0653cee27ada2021-12-21 11:29:34.945root 11241100x8000000000000000534518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854dd64412d270672021-12-21 11:29:34.945root 11241100x8000000000000000534519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a876f248653922021-12-21 11:29:34.946root 11241100x8000000000000000534520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d91f60d6809b722021-12-21 11:29:34.946root 11241100x8000000000000000534521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ea308c5b5ed9fc2021-12-21 11:29:34.946root 11241100x8000000000000000534522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6c563f30420af52021-12-21 11:29:34.946root 11241100x8000000000000000534523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30ede4176eaa9192021-12-21 11:29:34.946root 11241100x8000000000000000534524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acdcf877fd029cb2021-12-21 11:29:34.946root 11241100x8000000000000000534525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd84f1117cf0ba12021-12-21 11:29:34.946root 11241100x8000000000000000534526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6f55daf27bba222021-12-21 11:29:34.946root 11241100x8000000000000000534527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af12afd0f39365452021-12-21 11:29:35.443root 11241100x8000000000000000534528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ae48b80409607a2021-12-21 11:29:35.443root 11241100x8000000000000000534529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8006d7df5365462021-12-21 11:29:35.443root 11241100x8000000000000000534530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbee054beba704a2021-12-21 11:29:35.444root 11241100x8000000000000000534531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cdfd94e43ebf332021-12-21 11:29:35.444root 11241100x8000000000000000534532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8cabe1752a810d2021-12-21 11:29:35.444root 11241100x8000000000000000534533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831a90140fcd3eef2021-12-21 11:29:35.444root 11241100x8000000000000000534534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad72b0281933f792021-12-21 11:29:35.444root 11241100x8000000000000000534535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144a1327d1a7a7ab2021-12-21 11:29:35.444root 11241100x8000000000000000534536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940a3c970949afa02021-12-21 11:29:35.444root 11241100x8000000000000000534537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4928e0b4f0406a2021-12-21 11:29:35.444root 11241100x8000000000000000534538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba82e90b81842522021-12-21 11:29:35.444root 11241100x8000000000000000534539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e1cbbff74dcf8c2021-12-21 11:29:35.444root 11241100x8000000000000000534540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc2c2ea32e20cd02021-12-21 11:29:35.444root 11241100x8000000000000000534541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c19cd7304e014322021-12-21 11:29:35.445root 11241100x8000000000000000534542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a3b00102d716102021-12-21 11:29:35.445root 11241100x8000000000000000534543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567592966f441f402021-12-21 11:29:35.445root 11241100x8000000000000000534544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ec343eb21fae8b2021-12-21 11:29:35.445root 11241100x8000000000000000534545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd32b01bdd4b4f12021-12-21 11:29:35.445root 11241100x8000000000000000534546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bab719466c35c92021-12-21 11:29:35.445root 11241100x8000000000000000534547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fe1e6dcd2c30e52021-12-21 11:29:35.445root 11241100x8000000000000000534548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e31b6420216f4132021-12-21 11:29:35.445root 11241100x8000000000000000534549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83604ff36078c5862021-12-21 11:29:35.943root 11241100x8000000000000000534550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164294bbbf2365d62021-12-21 11:29:35.943root 11241100x8000000000000000534551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb0219fe5caa4722021-12-21 11:29:35.943root 11241100x8000000000000000534552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafc1ea7aadae28b2021-12-21 11:29:35.943root 11241100x8000000000000000534553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4214c7123b603f2021-12-21 11:29:35.943root 11241100x8000000000000000534554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a810cc2edc0ffae62021-12-21 11:29:35.943root 11241100x8000000000000000534555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dbb3daf37f68ff2021-12-21 11:29:35.943root 11241100x8000000000000000534556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7047b186f8b7b49e2021-12-21 11:29:35.943root 11241100x8000000000000000534557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0298e34b0cf7ead2021-12-21 11:29:35.943root 11241100x8000000000000000534558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa339008f8a54362021-12-21 11:29:35.944root 11241100x8000000000000000534559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718d092ffb83b5e92021-12-21 11:29:35.944root 11241100x8000000000000000534560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805d51b7711fe9f32021-12-21 11:29:35.944root 11241100x8000000000000000534561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1815a029b79291852021-12-21 11:29:35.944root 11241100x8000000000000000534562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144fce02352440a62021-12-21 11:29:35.944root 11241100x8000000000000000534563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc1c396c1aa2e9c2021-12-21 11:29:35.944root 11241100x8000000000000000534564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2148d11f8a9f512021-12-21 11:29:35.944root 11241100x8000000000000000534565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4564ed558873c15c2021-12-21 11:29:35.944root 11241100x8000000000000000534566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00ed704a2e838952021-12-21 11:29:35.944root 11241100x8000000000000000534567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c507ac95b336e42021-12-21 11:29:35.944root 11241100x8000000000000000534568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b143fefd127867622021-12-21 11:29:35.944root 11241100x8000000000000000534569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee760c0ce5597772021-12-21 11:29:35.945root 11241100x8000000000000000534570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2438484888e4742021-12-21 11:29:35.945root 11241100x8000000000000000534571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2284fe622546fef2021-12-21 11:29:35.945root 11241100x8000000000000000534572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369a3a6fbbbad31f2021-12-21 11:29:35.945root 11241100x8000000000000000534573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8222db4c6e0fab2021-12-21 11:29:35.945root 11241100x8000000000000000534574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42edcb2d0e770fe2021-12-21 11:29:35.945root 11241100x8000000000000000534575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f352a5d6aa343912021-12-21 11:29:35.945root 11241100x8000000000000000534576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05728e4ffe601d792021-12-21 11:29:35.945root 11241100x8000000000000000534577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5ed46f4991f3cf2021-12-21 11:29:35.945root 11241100x8000000000000000534578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc33eed7eb4204c2021-12-21 11:29:35.945root 11241100x8000000000000000534579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0888f4c0152dc322021-12-21 11:29:35.945root 11241100x8000000000000000534580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3e7beb1ecf22012021-12-21 11:29:35.945root 11241100x8000000000000000534581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ef1d22a029c80c2021-12-21 11:29:35.945root 11241100x8000000000000000534582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6168e3b8369874d02021-12-21 11:29:35.946root 11241100x8000000000000000534583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0352061d3b7e7c52021-12-21 11:29:35.946root 11241100x8000000000000000534584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:29:36.327root 11241100x8000000000000000534585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7de2c19de8df9b42021-12-21 11:29:36.328root 11241100x8000000000000000534586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a4dfff47dec3822021-12-21 11:29:36.328root 11241100x8000000000000000534587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8d8cf648aa655f2021-12-21 11:29:36.328root 11241100x8000000000000000534588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d197cee747976fb2021-12-21 11:29:36.328root 11241100x8000000000000000534589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da89554e6ddbef2b2021-12-21 11:29:36.328root 11241100x8000000000000000534590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e586cd58cf2aa9942021-12-21 11:29:36.329root 11241100x8000000000000000534591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98f8c41efad0db42021-12-21 11:29:36.329root 11241100x8000000000000000534592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262b357a58bf2acb2021-12-21 11:29:36.329root 11241100x8000000000000000534593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ed920b62c6c92a2021-12-21 11:29:36.329root 11241100x8000000000000000534594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a5aacc0ccc90df2021-12-21 11:29:36.329root 11241100x8000000000000000534595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c902112532e8bd252021-12-21 11:29:36.329root 11241100x8000000000000000534596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44303cf7dadb74902021-12-21 11:29:36.329root 11241100x8000000000000000534597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6bec4739b740d52021-12-21 11:29:36.329root 11241100x8000000000000000534598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9516ded85f7a7d2021-12-21 11:29:36.329root 11241100x8000000000000000534599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a309ba5f414445b2021-12-21 11:29:36.329root 11241100x8000000000000000534600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ab49fd9cb8a2c42021-12-21 11:29:36.329root 11241100x8000000000000000534601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3eedfdc11b09e82021-12-21 11:29:36.329root 11241100x8000000000000000534602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7202598fbdceb3bb2021-12-21 11:29:36.329root 11241100x8000000000000000534603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b910bf49c87d132e2021-12-21 11:29:36.329root 11241100x8000000000000000534604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fffca77e9119422021-12-21 11:29:36.330root 11241100x8000000000000000534605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949b8a36dd6e74802021-12-21 11:29:36.330root 11241100x8000000000000000534606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216792c145cc16d22021-12-21 11:29:36.330root 11241100x8000000000000000534607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b870b21f2a60c02021-12-21 11:29:36.330root 11241100x8000000000000000534608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66854435aaa431452021-12-21 11:29:36.330root 11241100x8000000000000000534609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc4ebcc11bf7fbe2021-12-21 11:29:36.330root 11241100x8000000000000000534610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cf3b989b693d5f2021-12-21 11:29:36.330root 11241100x8000000000000000534611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54add652136a6c2021-12-21 11:29:36.330root 11241100x8000000000000000534612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aeedabff43990f2021-12-21 11:29:36.330root 11241100x8000000000000000534613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073a15619a9e70ae2021-12-21 11:29:36.330root 11241100x8000000000000000534614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73df6574e4083dc82021-12-21 11:29:36.330root 11241100x8000000000000000534615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0031d9d3612d9c502021-12-21 11:29:36.330root 11241100x8000000000000000534616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b016164a256ec642021-12-21 11:29:36.330root 11241100x8000000000000000534617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe41981e950177a2021-12-21 11:29:36.330root 11241100x8000000000000000534618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca96666c6e6ce852021-12-21 11:29:36.331root 11241100x8000000000000000534619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a66f360ffcd7772021-12-21 11:29:36.331root 11241100x8000000000000000534620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d0e47222bbb40d2021-12-21 11:29:36.331root 11241100x8000000000000000534621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb3619680260e202021-12-21 11:29:36.331root 11241100x8000000000000000534622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8197a038133a3c2021-12-21 11:29:36.331root 11241100x8000000000000000534623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03ad59c7acec6372021-12-21 11:29:36.331root 11241100x8000000000000000534624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d5af74169f4e192021-12-21 11:29:36.331root 11241100x8000000000000000534625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7603bf4288047de2021-12-21 11:29:36.331root 11241100x8000000000000000534626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b354f275538357522021-12-21 11:29:36.331root 11241100x8000000000000000534627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf68b26c9a931162021-12-21 11:29:36.331root 11241100x8000000000000000534628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2859a1452af9c1682021-12-21 11:29:36.331root 11241100x8000000000000000534629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e56b28899cfd192021-12-21 11:29:36.693root 11241100x8000000000000000534630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529f787b3c1e8cb02021-12-21 11:29:36.693root 11241100x8000000000000000534631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fba921e430093202021-12-21 11:29:36.693root 11241100x8000000000000000534632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca18a9b6af64ffd62021-12-21 11:29:36.694root 11241100x8000000000000000534633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfba8c192a2b0da82021-12-21 11:29:36.694root 11241100x8000000000000000534634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d1c444682468d82021-12-21 11:29:36.694root 11241100x8000000000000000534635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4714bdd8861197b12021-12-21 11:29:36.694root 11241100x8000000000000000534636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194b6836dd357482021-12-21 11:29:36.694root 11241100x8000000000000000534637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516d2cf6e8d777f92021-12-21 11:29:36.695root 11241100x8000000000000000534638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce547e851317dbfa2021-12-21 11:29:36.695root 11241100x8000000000000000534639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977899b103773b392021-12-21 11:29:36.695root 11241100x8000000000000000534640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd0012a58c69c912021-12-21 11:29:36.695root 11241100x8000000000000000534641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55641811bb65ddca2021-12-21 11:29:36.695root 11241100x8000000000000000534642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118f20fd61e894832021-12-21 11:29:36.695root 11241100x8000000000000000534643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c6aafe6bdb0a892021-12-21 11:29:36.695root 11241100x8000000000000000534644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a118bb085d130b2021-12-21 11:29:36.695root 11241100x8000000000000000534645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568f5e37786979402021-12-21 11:29:36.695root 11241100x8000000000000000534646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a0bd1421823f202021-12-21 11:29:36.695root 11241100x8000000000000000534647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f69428407671412021-12-21 11:29:36.695root 11241100x8000000000000000534648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28934c61f66f1602021-12-21 11:29:36.695root 11241100x8000000000000000534649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de332071008f1a662021-12-21 11:29:36.695root 11241100x8000000000000000534650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4503b2e44194d42021-12-21 11:29:36.695root 11241100x8000000000000000534651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3513885b3742efbb2021-12-21 11:29:36.695root 11241100x8000000000000000534652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4605eb5dfd6e4f2021-12-21 11:29:36.696root 11241100x8000000000000000534653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce1962e10d9d2752021-12-21 11:29:36.696root 11241100x8000000000000000534654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9eb5815df86a1f2021-12-21 11:29:36.696root 11241100x8000000000000000534655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33ff625754060c52021-12-21 11:29:37.193root 11241100x8000000000000000534656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4871a6ea703b0a2021-12-21 11:29:37.193root 11241100x8000000000000000534657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba25f1b9af9c83c22021-12-21 11:29:37.194root 11241100x8000000000000000534658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e8c7fd35457cdd2021-12-21 11:29:37.194root 11241100x8000000000000000534659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e048a098e726860a2021-12-21 11:29:37.194root 11241100x8000000000000000534660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ec3a81c12760642021-12-21 11:29:37.194root 11241100x8000000000000000534661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b6972b8d5869f72021-12-21 11:29:37.194root 11241100x8000000000000000534662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777ac26b524c3a12021-12-21 11:29:37.194root 11241100x8000000000000000534663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c1465f6fce8b9e2021-12-21 11:29:37.194root 11241100x8000000000000000534664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09846af1822464512021-12-21 11:29:37.194root 11241100x8000000000000000534665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995e06c4e67d9e5b2021-12-21 11:29:37.194root 11241100x8000000000000000534666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7eb5f7a91b9fabb2021-12-21 11:29:37.194root 11241100x8000000000000000534667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab9e3c19fbc387a2021-12-21 11:29:37.194root 11241100x8000000000000000534668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805817da1407849d2021-12-21 11:29:37.194root 11241100x8000000000000000534669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639176ec2dbe1caf2021-12-21 11:29:37.195root 11241100x8000000000000000534670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35bcbb44afe26592021-12-21 11:29:37.195root 11241100x8000000000000000534671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f980c872468c2d692021-12-21 11:29:37.195root 11241100x8000000000000000534672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab468b00168516c2021-12-21 11:29:37.195root 11241100x8000000000000000534673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d96f0561409ea8c2021-12-21 11:29:37.195root 11241100x8000000000000000534674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b5ffe09482390b2021-12-21 11:29:37.195root 11241100x8000000000000000534675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02ae2f10294beb42021-12-21 11:29:37.195root 11241100x8000000000000000534676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0c90b6b860fcc42021-12-21 11:29:37.196root 11241100x8000000000000000534677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a8c18b0eb2b4a52021-12-21 11:29:37.196root 11241100x8000000000000000534678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17709aa1e437a502021-12-21 11:29:37.693root 11241100x8000000000000000534679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be9918eabc146d72021-12-21 11:29:37.693root 11241100x8000000000000000534680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dc9552d9c95b0b2021-12-21 11:29:37.693root 11241100x8000000000000000534681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c0cd099737d1952021-12-21 11:29:37.693root 11241100x8000000000000000534682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396106918509042d2021-12-21 11:29:37.693root 11241100x8000000000000000534683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3705f16e1fe7db672021-12-21 11:29:37.693root 11241100x8000000000000000534684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec0495d309ffd442021-12-21 11:29:37.693root 11241100x8000000000000000534685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8722352fb4967ad2021-12-21 11:29:37.694root 11241100x8000000000000000534686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b03fb83759d31722021-12-21 11:29:37.694root 11241100x8000000000000000534687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b247eca455e9cc32021-12-21 11:29:37.694root 11241100x8000000000000000534688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acabfb63a8ebb1432021-12-21 11:29:37.694root 11241100x8000000000000000534689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f5e9860cef1ce42021-12-21 11:29:37.694root 11241100x8000000000000000534690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7fc0c852bcc2932021-12-21 11:29:37.695root 11241100x8000000000000000534691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c3ba1e09d5fa612021-12-21 11:29:37.695root 11241100x8000000000000000534692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871adf71a1b568b02021-12-21 11:29:37.695root 11241100x8000000000000000534693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd21adc3c8331b4a2021-12-21 11:29:37.695root 11241100x8000000000000000534694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e2a82c0f38b46d2021-12-21 11:29:37.695root 11241100x8000000000000000534695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0130aa9102cbd72021-12-21 11:29:37.695root 11241100x8000000000000000534696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7940abba715d14d2021-12-21 11:29:37.695root 11241100x8000000000000000534697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b9773254dfe7d92021-12-21 11:29:37.696root 11241100x8000000000000000534698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959a7fc4d540ed6c2021-12-21 11:29:37.696root 11241100x8000000000000000534699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42312047f14ea3c22021-12-21 11:29:37.696root 11241100x8000000000000000534700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0743caa530884602021-12-21 11:29:37.696root 11241100x8000000000000000534701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd7a8bc8dd80c0a2021-12-21 11:29:37.696root 11241100x8000000000000000534702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e898690161ea714c2021-12-21 11:29:37.696root 11241100x8000000000000000534703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c07e43ff2b84e62021-12-21 11:29:37.696root 11241100x8000000000000000534704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725495806565b8df2021-12-21 11:29:37.696root 11241100x8000000000000000534705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e081bd0b32fe440a2021-12-21 11:29:37.696root 11241100x8000000000000000534706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2412de90b785c6c82021-12-21 11:29:37.696root 11241100x8000000000000000534707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244662df153d781e2021-12-21 11:29:37.696root 11241100x8000000000000000534708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207a84d96d994ed02021-12-21 11:29:37.696root 11241100x8000000000000000534709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b10b539b29f02382021-12-21 11:29:37.696root 11241100x8000000000000000534710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69b33c7d65843292021-12-21 11:29:37.696root 11241100x8000000000000000534711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256e0bd51aaa3eef2021-12-21 11:29:38.193root 11241100x8000000000000000534712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f104674ea66de2021-12-21 11:29:38.193root 11241100x8000000000000000534713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9916554fce66eb382021-12-21 11:29:38.194root 11241100x8000000000000000534714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61331fefa2ec8c852021-12-21 11:29:38.194root 11241100x8000000000000000534715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13223768544ce3f42021-12-21 11:29:38.194root 11241100x8000000000000000534716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8337ed446dc34b2021-12-21 11:29:38.194root 11241100x8000000000000000534717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490751ce8fc0caa32021-12-21 11:29:38.194root 11241100x8000000000000000534718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ab8ed8cea0741b2021-12-21 11:29:38.194root 11241100x8000000000000000534719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf7658804cfb1f2021-12-21 11:29:38.194root 11241100x8000000000000000534720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6121b7f458741d2021-12-21 11:29:38.195root 11241100x8000000000000000534721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adda85a83b2b6b12021-12-21 11:29:38.195root 11241100x8000000000000000534722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44608c642cb49bd2021-12-21 11:29:38.195root 11241100x8000000000000000534723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5357606fc0f78462021-12-21 11:29:38.195root 11241100x8000000000000000534724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d070504b5ea43012021-12-21 11:29:38.195root 11241100x8000000000000000534725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8280164c355d37ef2021-12-21 11:29:38.195root 11241100x8000000000000000534726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fc345c75cd99d62021-12-21 11:29:38.195root 11241100x8000000000000000534727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1fad6ab90d87eb2021-12-21 11:29:38.196root 11241100x8000000000000000534728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c0dc762b5bfc3f2021-12-21 11:29:38.196root 11241100x8000000000000000534729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4970a10c7ef33942021-12-21 11:29:38.196root 11241100x8000000000000000534730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181ef401bd8858402021-12-21 11:29:38.196root 11241100x8000000000000000534731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935ac4105691c4182021-12-21 11:29:38.196root 11241100x8000000000000000534732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d14148fc12b04c02021-12-21 11:29:38.196root 11241100x8000000000000000534733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f969a3bb19a4a4a42021-12-21 11:29:38.196root 354300x8000000000000000534734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.239{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48618-false10.0.1.12-8000- 11241100x8000000000000000534735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c6672bcdfd027e2021-12-21 11:29:38.693root 11241100x8000000000000000534736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59599dd3661732da2021-12-21 11:29:38.693root 11241100x8000000000000000534737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f349eccaebe884882021-12-21 11:29:38.693root 11241100x8000000000000000534738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2ad652b5f8e1c52021-12-21 11:29:38.693root 11241100x8000000000000000534739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df36855b6dd56deb2021-12-21 11:29:38.693root 11241100x8000000000000000534740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1e1c3b693285a22021-12-21 11:29:38.693root 11241100x8000000000000000534741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87b0c60f9c70b862021-12-21 11:29:38.693root 11241100x8000000000000000534742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8f5701a04931842021-12-21 11:29:38.693root 11241100x8000000000000000534743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b00ee484ecbec612021-12-21 11:29:38.693root 11241100x8000000000000000534744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb9c8e09ad141722021-12-21 11:29:38.693root 11241100x8000000000000000534745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4cb35e067b5de42021-12-21 11:29:38.694root 11241100x8000000000000000534746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff1549a52b209802021-12-21 11:29:38.694root 11241100x8000000000000000534747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10af2b52b1e228d2021-12-21 11:29:38.694root 11241100x8000000000000000534748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da4f5fc718dce072021-12-21 11:29:38.695root 11241100x8000000000000000534749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca188606330e3e42021-12-21 11:29:38.695root 11241100x8000000000000000534750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec2364854ae75c52021-12-21 11:29:38.695root 11241100x8000000000000000534751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2046ec699ebdc02021-12-21 11:29:38.695root 11241100x8000000000000000534752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff14fd960a71fec52021-12-21 11:29:38.695root 11241100x8000000000000000534753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c034af7ab556fe2021-12-21 11:29:38.696root 11241100x8000000000000000534754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c7d4c23f4cbbfe2021-12-21 11:29:38.696root 11241100x8000000000000000534755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7e4dad235b53e02021-12-21 11:29:38.696root 11241100x8000000000000000534756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd84767312e21f232021-12-21 11:29:38.696root 11241100x8000000000000000534757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce7f00e052f585f2021-12-21 11:29:38.696root 11241100x8000000000000000534758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49abb822754adc92021-12-21 11:29:38.696root 11241100x8000000000000000534759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284f3eb43bb98d902021-12-21 11:29:38.696root 11241100x8000000000000000534760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45c6501361f3f392021-12-21 11:29:38.697root 11241100x8000000000000000534761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bb04462f578ea92021-12-21 11:29:38.697root 11241100x8000000000000000534762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d0b8f6325d3dd82021-12-21 11:29:38.697root 11241100x8000000000000000534763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6c87267b6c61c22021-12-21 11:29:38.697root 11241100x8000000000000000534764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb21192d3f40de42021-12-21 11:29:38.697root 11241100x8000000000000000534765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477541b9ec57a7c02021-12-21 11:29:38.701root 11241100x8000000000000000534766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dbe113f3aa1b9f2021-12-21 11:29:38.701root 11241100x8000000000000000534767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8170c5c9d216bd2021-12-21 11:29:38.702root 11241100x8000000000000000534768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad433ffb001a9d42021-12-21 11:29:38.702root 11241100x8000000000000000534769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2910d34424e0692021-12-21 11:29:38.702root 11241100x8000000000000000534770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1568b07ae0308a2021-12-21 11:29:38.702root 11241100x8000000000000000534771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:38.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5159994294e547ba2021-12-21 11:29:38.702root 11241100x8000000000000000534772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d3fcaac1b70b042021-12-21 11:29:39.194root 11241100x8000000000000000534773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2953d2d68f31cf12021-12-21 11:29:39.194root 11241100x8000000000000000534774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7368e20b5f4260282021-12-21 11:29:39.194root 11241100x8000000000000000534775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822b6474141f62742021-12-21 11:29:39.194root 11241100x8000000000000000534776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9680e3927299032021-12-21 11:29:39.194root 11241100x8000000000000000534777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac34ba3697377d152021-12-21 11:29:39.194root 11241100x8000000000000000534778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ced0d29c9490732021-12-21 11:29:39.195root 11241100x8000000000000000534779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5a1d65a6cdac8f2021-12-21 11:29:39.195root 11241100x8000000000000000534780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd593b972bdbb49f2021-12-21 11:29:39.195root 11241100x8000000000000000534781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd588955fe322ca2021-12-21 11:29:39.195root 11241100x8000000000000000534782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac856082da77e592021-12-21 11:29:39.195root 11241100x8000000000000000534783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1cd17f68eda5d82021-12-21 11:29:39.195root 11241100x8000000000000000534784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5495ac61d25099e2021-12-21 11:29:39.196root 11241100x8000000000000000534785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f55ace21de1991a2021-12-21 11:29:39.196root 11241100x8000000000000000534786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88192f7527a787ba2021-12-21 11:29:39.196root 11241100x8000000000000000534787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadf9403d11c69f52021-12-21 11:29:39.196root 11241100x8000000000000000534788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42a7559675fc3b12021-12-21 11:29:39.196root 11241100x8000000000000000534789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c1e04753a167bb2021-12-21 11:29:39.196root 11241100x8000000000000000534790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ca7f6fd6d9376b2021-12-21 11:29:39.197root 11241100x8000000000000000534791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb761bb9ab829972021-12-21 11:29:39.197root 11241100x8000000000000000534792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87369d986702cc902021-12-21 11:29:39.197root 11241100x8000000000000000534793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2aa5ede0ee4a9d2021-12-21 11:29:39.199root 11241100x8000000000000000534794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc18b467a0cc1502021-12-21 11:29:39.199root 11241100x8000000000000000534795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181302e44c6666cc2021-12-21 11:29:39.199root 23542300x8000000000000000534796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000534797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa79b7a5fed44332021-12-21 11:29:39.693root 11241100x8000000000000000534798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bcff873d62be372021-12-21 11:29:39.694root 11241100x8000000000000000534799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800b1765c4ecf35a2021-12-21 11:29:39.694root 11241100x8000000000000000534800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91484db055257cd92021-12-21 11:29:39.696root 11241100x8000000000000000534801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7505f878fb7049982021-12-21 11:29:39.696root 11241100x8000000000000000534802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b31fbc3fb8194112021-12-21 11:29:39.696root 11241100x8000000000000000534803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfab8393e318ecb2021-12-21 11:29:39.696root 11241100x8000000000000000534804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f550d660664efd2021-12-21 11:29:39.696root 11241100x8000000000000000534805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a600d6198952b72021-12-21 11:29:39.696root 11241100x8000000000000000534806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1147006e71e15ef2021-12-21 11:29:39.696root 11241100x8000000000000000534807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b176773a45eba532021-12-21 11:29:39.697root 11241100x8000000000000000534808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefdd8369382e0822021-12-21 11:29:39.697root 11241100x8000000000000000534809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9706531d352e5d202021-12-21 11:29:39.697root 11241100x8000000000000000534810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a06aa7d91052cf2021-12-21 11:29:39.697root 11241100x8000000000000000534811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3ec73aa352e39c2021-12-21 11:29:39.697root 11241100x8000000000000000534812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42609c35b5ae70482021-12-21 11:29:39.697root 11241100x8000000000000000534813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a89b0308c7ac412021-12-21 11:29:39.698root 11241100x8000000000000000534814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf89fbce75106292021-12-21 11:29:39.698root 11241100x8000000000000000534815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0f8da6791351e32021-12-21 11:29:39.698root 11241100x8000000000000000534816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d12c81549b4d0ba2021-12-21 11:29:39.698root 11241100x8000000000000000534817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0199dae0ab0b512021-12-21 11:29:39.698root 11241100x8000000000000000534818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce04ab7e4deaf272021-12-21 11:29:39.699root 11241100x8000000000000000534819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe3ed6ac9b74c342021-12-21 11:29:39.699root 11241100x8000000000000000534820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c567e4da0148adeb2021-12-21 11:29:39.699root 11241100x8000000000000000534821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069ea5b6758c78e92021-12-21 11:29:39.699root 11241100x8000000000000000534822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d443277e9c22edb52021-12-21 11:29:40.193root 11241100x8000000000000000534823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600d3224e25a1ac42021-12-21 11:29:40.194root 11241100x8000000000000000534824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cbb2a0092c938b2021-12-21 11:29:40.194root 11241100x8000000000000000534825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9482db76ff843652021-12-21 11:29:40.194root 11241100x8000000000000000534826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad978b8752baef7c2021-12-21 11:29:40.194root 11241100x8000000000000000534827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fffa3b571b642e2021-12-21 11:29:40.194root 11241100x8000000000000000534828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0193adaa536f6a162021-12-21 11:29:40.195root 11241100x8000000000000000534829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65434993c58169cf2021-12-21 11:29:40.195root 11241100x8000000000000000534830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede71d62863c4e9b2021-12-21 11:29:40.195root 11241100x8000000000000000534831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962bf52c305af3822021-12-21 11:29:40.195root 11241100x8000000000000000534832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d6201af24f6e392021-12-21 11:29:40.195root 11241100x8000000000000000534833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7b334b437a617e2021-12-21 11:29:40.195root 11241100x8000000000000000534834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9872951a4a2369722021-12-21 11:29:40.195root 11241100x8000000000000000534835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363e5dd988e9d3c2021-12-21 11:29:40.195root 11241100x8000000000000000534836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c4ff298dbca2af2021-12-21 11:29:40.195root 11241100x8000000000000000534837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f90167c5867ce2021-12-21 11:29:40.195root 11241100x8000000000000000534838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf4b0d77f68a9402021-12-21 11:29:40.195root 11241100x8000000000000000534839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663423e8bee1ae192021-12-21 11:29:40.196root 11241100x8000000000000000534840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1abac1018608872021-12-21 11:29:40.196root 11241100x8000000000000000534841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb611558372b6b72021-12-21 11:29:40.196root 11241100x8000000000000000534842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c59d6ab48ce6b1e2021-12-21 11:29:40.196root 11241100x8000000000000000534843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d6a4bfa9690abb2021-12-21 11:29:40.196root 11241100x8000000000000000534844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d586aba2748815f2021-12-21 11:29:40.196root 11241100x8000000000000000534845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5e448ffbe1d96e2021-12-21 11:29:40.196root 11241100x8000000000000000534846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d322470263371232021-12-21 11:29:40.196root 11241100x8000000000000000534847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8ec9ad1231e2802021-12-21 11:29:40.693root 11241100x8000000000000000534848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc1aff84bf583392021-12-21 11:29:40.693root 11241100x8000000000000000534849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f85a869d3def3f2021-12-21 11:29:40.693root 11241100x8000000000000000534850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5867aedd370f2742021-12-21 11:29:40.693root 11241100x8000000000000000534851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c10de10a0560f9c2021-12-21 11:29:40.693root 11241100x8000000000000000534852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95d7f5d3e5565462021-12-21 11:29:40.693root 11241100x8000000000000000534853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485eb1106ab5946a2021-12-21 11:29:40.693root 11241100x8000000000000000534854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826586ff5f3d5e392021-12-21 11:29:40.694root 11241100x8000000000000000534855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55083312acd643b2021-12-21 11:29:40.694root 11241100x8000000000000000534856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4b616912f201652021-12-21 11:29:40.694root 11241100x8000000000000000534857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b20c00249e087f32021-12-21 11:29:40.694root 11241100x8000000000000000534858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed76a0ae67a1c8592021-12-21 11:29:40.695root 11241100x8000000000000000534859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e19051f8300e3102021-12-21 11:29:40.695root 11241100x8000000000000000534860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96792d44f87cd142021-12-21 11:29:40.695root 11241100x8000000000000000534861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ae0d4c192984582021-12-21 11:29:40.695root 11241100x8000000000000000534862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce99e74358dbed462021-12-21 11:29:40.696root 11241100x8000000000000000534863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cd59da8f39bd572021-12-21 11:29:40.696root 11241100x8000000000000000534864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abd48ad4f23b7372021-12-21 11:29:40.696root 11241100x8000000000000000534865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3917c9a148115772021-12-21 11:29:40.696root 11241100x8000000000000000534866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f137bc365809d82021-12-21 11:29:40.696root 11241100x8000000000000000534867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a18c2c7bfe62c12021-12-21 11:29:40.696root 11241100x8000000000000000534868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4b8bec302fd2832021-12-21 11:29:40.697root 11241100x8000000000000000534869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80dd0cde377bf622021-12-21 11:29:40.697root 11241100x8000000000000000534870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f9c58da51b3942021-12-21 11:29:40.697root 11241100x8000000000000000534871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e3b3686984bcc72021-12-21 11:29:40.697root 11241100x8000000000000000534872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c37d2edc951ebc22021-12-21 11:29:40.697root 11241100x8000000000000000534873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42b062eb1bb4c3d2021-12-21 11:29:40.697root 11241100x8000000000000000534874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08085dbad75bd492021-12-21 11:29:40.698root 11241100x8000000000000000534875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f484dd1fc80257d2021-12-21 11:29:40.698root 11241100x8000000000000000534876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff1d22166f5c0182021-12-21 11:29:40.698root 11241100x8000000000000000534877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3931fda8ccdf1c82021-12-21 11:29:40.698root 11241100x8000000000000000534878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8917d0784e3c72952021-12-21 11:29:40.698root 11241100x8000000000000000534879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9566b8f6025af0352021-12-21 11:29:40.698root 11241100x8000000000000000534880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36379f1bdf87a7592021-12-21 11:29:40.699root 11241100x8000000000000000534881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:40.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8fa64a680d8cbe2021-12-21 11:29:40.699root 11241100x8000000000000000534882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749a3d17c61aacff2021-12-21 11:29:41.193root 11241100x8000000000000000534883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4caf5b0b48e80e22021-12-21 11:29:41.193root 11241100x8000000000000000534884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f80ec8b7cc6ded2021-12-21 11:29:41.193root 11241100x8000000000000000534885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf91d8e82820a902021-12-21 11:29:41.194root 11241100x8000000000000000534886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87d017a591cb07a2021-12-21 11:29:41.194root 11241100x8000000000000000534887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d37b6cf397af322021-12-21 11:29:41.194root 11241100x8000000000000000534888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28eaff8c3f84bee2021-12-21 11:29:41.194root 11241100x8000000000000000534889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e6bf4e0861ae4d2021-12-21 11:29:41.195root 11241100x8000000000000000534890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3daeb2c3b00f41c2021-12-21 11:29:41.195root 11241100x8000000000000000534891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dacebbcb71edfbf2021-12-21 11:29:41.195root 11241100x8000000000000000534892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7938d8de71d798d2021-12-21 11:29:41.195root 11241100x8000000000000000534893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b487bee88a8405ba2021-12-21 11:29:41.196root 11241100x8000000000000000534894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dd021cd24eeadc2021-12-21 11:29:41.196root 11241100x8000000000000000534895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d710badd5973e8ce2021-12-21 11:29:41.196root 11241100x8000000000000000534896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7feb4fdc21d3d92021-12-21 11:29:41.196root 11241100x8000000000000000534897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff666979901076d2021-12-21 11:29:41.197root 11241100x8000000000000000534898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3567ad4593979a52021-12-21 11:29:41.197root 11241100x8000000000000000534899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e56e2e982b15e462021-12-21 11:29:41.197root 11241100x8000000000000000534900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98775abd25b1e44b2021-12-21 11:29:41.198root 11241100x8000000000000000534901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ddf092a989b5b42021-12-21 11:29:41.198root 11241100x8000000000000000534902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1ebd73faa15e112021-12-21 11:29:41.198root 11241100x8000000000000000534903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6529ef1acbd15122021-12-21 11:29:41.198root 11241100x8000000000000000534904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0c82ef5a4e49872021-12-21 11:29:41.199root 11241100x8000000000000000534905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddd898ffa0b2f952021-12-21 11:29:41.199root 11241100x8000000000000000534906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a394c7793ed1ad542021-12-21 11:29:41.199root 11241100x8000000000000000534907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026f5427b71a22ed2021-12-21 11:29:41.199root 11241100x8000000000000000534908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630b3364fbb5041b2021-12-21 11:29:41.200root 11241100x8000000000000000534909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d62162520ffe2c2021-12-21 11:29:41.200root 11241100x8000000000000000534910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24647ba82d391e632021-12-21 11:29:41.200root 11241100x8000000000000000534911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce64bdb325a358c2021-12-21 11:29:41.693root 11241100x8000000000000000534912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd34b938384c2922021-12-21 11:29:41.693root 11241100x8000000000000000534913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec80f252e2127842021-12-21 11:29:41.693root 11241100x8000000000000000534914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0523ae6619b081812021-12-21 11:29:41.694root 11241100x8000000000000000534915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae82f063129058a2021-12-21 11:29:41.694root 11241100x8000000000000000534916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a432ea584108512021-12-21 11:29:41.694root 11241100x8000000000000000534917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85977e34f1159612021-12-21 11:29:41.694root 11241100x8000000000000000534918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1530dce43e79182021-12-21 11:29:41.694root 11241100x8000000000000000534919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f362b31c985a662021-12-21 11:29:41.695root 11241100x8000000000000000534920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7c0df32e402cfc2021-12-21 11:29:41.695root 11241100x8000000000000000534921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220271b0133f3af52021-12-21 11:29:41.695root 11241100x8000000000000000534922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb710e5f0de82bc2021-12-21 11:29:41.695root 11241100x8000000000000000534923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f47881f445ab32021-12-21 11:29:41.695root 11241100x8000000000000000534924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118c1eb4c35326732021-12-21 11:29:41.695root 11241100x8000000000000000534925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe53a04f831544052021-12-21 11:29:41.696root 11241100x8000000000000000534926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338292537d81b47a2021-12-21 11:29:41.696root 11241100x8000000000000000534927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a7ca4ab59661d02021-12-21 11:29:41.696root 11241100x8000000000000000534928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cf804a432672162021-12-21 11:29:41.696root 11241100x8000000000000000534929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6481653323aadcd2021-12-21 11:29:41.696root 11241100x8000000000000000534930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fdec64503017e42021-12-21 11:29:41.696root 11241100x8000000000000000534931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14da15c5b23067742021-12-21 11:29:41.696root 11241100x8000000000000000534932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7817b306efd7b4e72021-12-21 11:29:41.697root 11241100x8000000000000000534933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc54e49df3102ade2021-12-21 11:29:41.697root 11241100x8000000000000000534934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe0fe1c059a65b92021-12-21 11:29:41.697root 11241100x8000000000000000534935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b9e9aedb45e7822021-12-21 11:29:41.697root 11241100x8000000000000000534936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c443aa03568a079a2021-12-21 11:29:41.697root 11241100x8000000000000000534937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591d289b910d7f612021-12-21 11:29:41.697root 11241100x8000000000000000534938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d39d6510d0b80d72021-12-21 11:29:41.697root 11241100x8000000000000000534939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2e99e045b1bb102021-12-21 11:29:42.193root 11241100x8000000000000000534940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9848f1e2da5a640b2021-12-21 11:29:42.194root 11241100x8000000000000000534941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46adadd5608a7db82021-12-21 11:29:42.194root 11241100x8000000000000000534942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1860ac3088e0160d2021-12-21 11:29:42.194root 11241100x8000000000000000534943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c6408331008ce82021-12-21 11:29:42.194root 11241100x8000000000000000534944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997fc55bfbbd430f2021-12-21 11:29:42.194root 11241100x8000000000000000534945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e0ffcb125028672021-12-21 11:29:42.194root 11241100x8000000000000000534946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ee79c43ba60a992021-12-21 11:29:42.195root 11241100x8000000000000000534947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e713ad9872e6a6722021-12-21 11:29:42.195root 11241100x8000000000000000534948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a6df2fff77536b2021-12-21 11:29:42.195root 11241100x8000000000000000534949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e3dbdcf512769d2021-12-21 11:29:42.195root 11241100x8000000000000000534950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0422f0941614382021-12-21 11:29:42.195root 11241100x8000000000000000534951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a55eec251f6fc52021-12-21 11:29:42.195root 11241100x8000000000000000534952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f4f8a52640b8de2021-12-21 11:29:42.195root 11241100x8000000000000000534953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7542b7f7584aa7d82021-12-21 11:29:42.196root 11241100x8000000000000000534954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecb7df87335de472021-12-21 11:29:42.196root 11241100x8000000000000000534955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6206c4a41ca4ac2021-12-21 11:29:42.196root 11241100x8000000000000000534956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59459daa58639b32021-12-21 11:29:42.196root 11241100x8000000000000000534957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8fd934b4fe5ae82021-12-21 11:29:42.197root 11241100x8000000000000000534958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4266312e63f78b2021-12-21 11:29:42.197root 11241100x8000000000000000534959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85240dee633718f2021-12-21 11:29:42.198root 11241100x8000000000000000534960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2700bdabee4a162021-12-21 11:29:42.198root 11241100x8000000000000000534961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bff7ab7534e40d2021-12-21 11:29:42.198root 11241100x8000000000000000534962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645b04eb44bd0d252021-12-21 11:29:42.199root 11241100x8000000000000000534963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af01fda05a80ff652021-12-21 11:29:42.199root 11241100x8000000000000000534964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbfcb4b39f7dea32021-12-21 11:29:42.692root 11241100x8000000000000000534965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a7ef93b586b68a2021-12-21 11:29:42.693root 11241100x8000000000000000534966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecc6268309b0e222021-12-21 11:29:42.693root 11241100x8000000000000000534967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6951468ccba699ed2021-12-21 11:29:42.693root 11241100x8000000000000000534968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97f00508eec99d32021-12-21 11:29:42.694root 11241100x8000000000000000534969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de682da3a5e660f2021-12-21 11:29:42.694root 11241100x8000000000000000534970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58edac998cef92462021-12-21 11:29:42.694root 11241100x8000000000000000534971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a249854ba99e56012021-12-21 11:29:42.694root 11241100x8000000000000000534972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83aadea55bd0ec882021-12-21 11:29:42.695root 11241100x8000000000000000534973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd57f942398c5ba2021-12-21 11:29:42.695root 11241100x8000000000000000534974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600aab097a4837da2021-12-21 11:29:42.695root 11241100x8000000000000000534975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea0392c2cd5cf212021-12-21 11:29:42.695root 11241100x8000000000000000534976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bea3e242b73c6a2021-12-21 11:29:42.699root 11241100x8000000000000000534977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3fc0d2f510a96c2021-12-21 11:29:42.699root 11241100x8000000000000000534978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46bf39368832ce42021-12-21 11:29:42.699root 11241100x8000000000000000534979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d482ce2f94010a22021-12-21 11:29:42.699root 11241100x8000000000000000534980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82761457cf66b37d2021-12-21 11:29:42.699root 11241100x8000000000000000534981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880e4e1dcaee2d752021-12-21 11:29:42.699root 11241100x8000000000000000534982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b797a9d8c28a242021-12-21 11:29:42.700root 11241100x8000000000000000534983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40e2e4c80bc9de02021-12-21 11:29:42.700root 11241100x8000000000000000534984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2344fdf4e48e4a42021-12-21 11:29:42.700root 11241100x8000000000000000534985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a631626f7978355a2021-12-21 11:29:42.700root 11241100x8000000000000000534986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff0b9057533d4cb2021-12-21 11:29:42.700root 11241100x8000000000000000534987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217d71d18ab44ea82021-12-21 11:29:42.700root 11241100x8000000000000000534988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876dc05f8ad935632021-12-21 11:29:42.700root 11241100x8000000000000000534989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ae935f90b8b8822021-12-21 11:29:42.700root 11241100x8000000000000000534990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db55dd0b3d1b06642021-12-21 11:29:42.700root 11241100x8000000000000000534991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa14f6911076492021-12-21 11:29:42.700root 11241100x8000000000000000534992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d709488003f21c72021-12-21 11:29:42.700root 11241100x8000000000000000534993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638d1d2db14e4f062021-12-21 11:29:42.700root 11241100x8000000000000000534994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cb8cc2c52513d72021-12-21 11:29:42.700root 11241100x8000000000000000534995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6ad947a56d0e92021-12-21 11:29:42.700root 11241100x8000000000000000534996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0730bf9c0b99a8b2021-12-21 11:29:43.193root 11241100x8000000000000000534997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569d1b3ed0f3039e2021-12-21 11:29:43.194root 11241100x8000000000000000534998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a8bc2f23d82f72021-12-21 11:29:43.194root 11241100x8000000000000000534999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d18ad8705385812021-12-21 11:29:43.194root 11241100x8000000000000000535000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd356d4c369003b62021-12-21 11:29:43.194root 11241100x8000000000000000535001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b81bb0155ba6ff72021-12-21 11:29:43.194root 11241100x8000000000000000535002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bb926f69bc04572021-12-21 11:29:43.194root 11241100x8000000000000000535003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e422626db7a3b4aa2021-12-21 11:29:43.194root 11241100x8000000000000000535004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0357d2f06bea7272021-12-21 11:29:43.194root 11241100x8000000000000000535005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df112032141c45702021-12-21 11:29:43.194root 11241100x8000000000000000535006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7d7184272de5742021-12-21 11:29:43.194root 11241100x8000000000000000535007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6eb9311db33c622021-12-21 11:29:43.194root 11241100x8000000000000000535008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220935ffef60a6572021-12-21 11:29:43.194root 11241100x8000000000000000535009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8bfd8e0df416662021-12-21 11:29:43.195root 11241100x8000000000000000535010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9134867830e97f2021-12-21 11:29:43.195root 11241100x8000000000000000535011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a5429b208a23752021-12-21 11:29:43.195root 11241100x8000000000000000535012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcea3553cbf64c222021-12-21 11:29:43.195root 11241100x8000000000000000535013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e20a284cd2611552021-12-21 11:29:43.195root 11241100x8000000000000000535014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cddb97e176dfc3a2021-12-21 11:29:43.195root 11241100x8000000000000000535015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5855ec083afc9fe2021-12-21 11:29:43.195root 11241100x8000000000000000535016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9391b5faa710d3662021-12-21 11:29:43.195root 11241100x8000000000000000535017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ea35cefc36f28e2021-12-21 11:29:43.195root 11241100x8000000000000000535018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9c6e15ff52206f2021-12-21 11:29:43.195root 11241100x8000000000000000535019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6983543fdb0734b22021-12-21 11:29:43.195root 11241100x8000000000000000535020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39de177a49aa9cd2021-12-21 11:29:43.196root 11241100x8000000000000000535021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac73c9b67428c0722021-12-21 11:29:43.693root 11241100x8000000000000000535022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af11a9c6e8de3b312021-12-21 11:29:43.693root 11241100x8000000000000000535023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3095ec8a470f19b42021-12-21 11:29:43.693root 11241100x8000000000000000535024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd09f99a77be3772021-12-21 11:29:43.693root 11241100x8000000000000000535025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b111ee409f857d2021-12-21 11:29:43.693root 11241100x8000000000000000535026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87cbaee8dd919d82021-12-21 11:29:43.693root 11241100x8000000000000000535027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491da2188cc99cb32021-12-21 11:29:43.694root 11241100x8000000000000000535028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ac77be0f0e55662021-12-21 11:29:43.694root 11241100x8000000000000000535029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c030b3cafb2d3a62021-12-21 11:29:43.694root 11241100x8000000000000000535030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2f09168e8e1f0c2021-12-21 11:29:43.694root 11241100x8000000000000000535031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a26ad0406b713a2021-12-21 11:29:43.694root 11241100x8000000000000000535032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a3f9e6651149c2021-12-21 11:29:43.694root 11241100x8000000000000000535033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624a37e94676f41f2021-12-21 11:29:43.694root 11241100x8000000000000000535034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0f3b23fee14e0e2021-12-21 11:29:43.694root 11241100x8000000000000000535035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3796ceacf51c8f62021-12-21 11:29:43.694root 11241100x8000000000000000535036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95a41b2825780302021-12-21 11:29:43.694root 11241100x8000000000000000535037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e55cb7f8f296d2e2021-12-21 11:29:43.695root 11241100x8000000000000000535038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d5a94a03c6242d2021-12-21 11:29:43.695root 11241100x8000000000000000535039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be404291abb3dd402021-12-21 11:29:43.695root 11241100x8000000000000000535040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eea8c8354acb0c2021-12-21 11:29:43.695root 11241100x8000000000000000535041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc2e72058ec98152021-12-21 11:29:43.695root 11241100x8000000000000000535042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deee2e036fd6c2d2021-12-21 11:29:43.695root 11241100x8000000000000000535043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466462cf48fd29ae2021-12-21 11:29:43.695root 11241100x8000000000000000535044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e1cea94e5deabd2021-12-21 11:29:43.695root 11241100x8000000000000000535045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f403147fd3e285e52021-12-21 11:29:43.695root 11241100x8000000000000000535046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bba429dfdd11d402021-12-21 11:29:43.696root 11241100x8000000000000000535047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99e0e4249234e332021-12-21 11:29:43.696root 11241100x8000000000000000535048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a148de4af9d545dc2021-12-21 11:29:43.696root 11241100x8000000000000000535049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9236f0a8ed1e6c772021-12-21 11:29:43.696root 11241100x8000000000000000535050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17884009974ca2002021-12-21 11:29:43.696root 11241100x8000000000000000535051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b7e4cc0cf21b9c2021-12-21 11:29:43.696root 11241100x8000000000000000535052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e6f05f9600109d2021-12-21 11:29:43.696root 354300x8000000000000000535053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:44.113{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48620-false10.0.1.12-8000- 11241100x8000000000000000535054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:29:44.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da1a617f9e07fac2021-12-21 11:29:44.113root 354300x8000000000000000535083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:01.021{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48626-false10.0.1.12-8000- 11241100x8000000000000000535084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c32be8df1fa2682021-12-21 11:30:01.442root 11241100x8000000000000000535085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2cda06b57986d92021-12-21 11:30:01.942root 11241100x8000000000000000535086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3f9d2193b3778b2021-12-21 11:30:02.442root 11241100x8000000000000000535087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5024c932d87d5942021-12-21 11:30:02.942root 11241100x8000000000000000535088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff2e62046a3c0ed2021-12-21 11:30:03.442root 11241100x8000000000000000535089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0b90d889231f062021-12-21 11:30:03.943root 11241100x8000000000000000535090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a2c26a992153d12021-12-21 11:30:04.442root 11241100x8000000000000000535091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed36286cd009f40a2021-12-21 11:30:04.942root 11241100x8000000000000000535092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:05.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caed38ed9d739d52021-12-21 11:30:05.442root 11241100x8000000000000000535093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:05.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf51eac04dda2d02021-12-21 11:30:05.942root 354300x8000000000000000535094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:06.103{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48628-false10.0.1.12-8000- 11241100x8000000000000000535095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:06.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:30:06.326root 11241100x8000000000000000535096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a861c831962116932021-12-21 11:30:06.327root 11241100x8000000000000000535097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b73072f2178044e2021-12-21 11:30:06.328root 11241100x8000000000000000535098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189209944462d3f52021-12-21 11:30:06.328root 11241100x8000000000000000535099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:06.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a1f82528ea3a322021-12-21 11:30:06.692root 11241100x8000000000000000535100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342768bcacea0ee32021-12-21 11:30:06.693root 11241100x8000000000000000535101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff12d97f29c1b98d2021-12-21 11:30:06.693root 11241100x8000000000000000535102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:07.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b780f869554686cf2021-12-21 11:30:07.192root 11241100x8000000000000000535103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f0034377d9f2bc2021-12-21 11:30:07.193root 11241100x8000000000000000535104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760ebb9130c52c922021-12-21 11:30:07.193root 11241100x8000000000000000535105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:07.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bda6cc97aa12a472021-12-21 11:30:07.692root 11241100x8000000000000000535106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0823c67aaeae4292021-12-21 11:30:07.693root 11241100x8000000000000000535107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4081fb06f7902212021-12-21 11:30:07.693root 11241100x8000000000000000535108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:08.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6e1c5cfe16e4022021-12-21 11:30:08.192root 11241100x8000000000000000535109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8632a5e0673a6b392021-12-21 11:30:08.193root 11241100x8000000000000000535110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290f62b9b3ec00f12021-12-21 11:30:08.193root 11241100x8000000000000000535111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:08.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486351b5427533fb2021-12-21 11:30:08.692root 11241100x8000000000000000535112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d9a05b103bebac2021-12-21 11:30:08.693root 11241100x8000000000000000535113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7654569bc53b18fa2021-12-21 11:30:08.693root 11241100x8000000000000000535114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4492392a99a95a2021-12-21 11:30:09.192root 11241100x8000000000000000535115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af0309145602f22021-12-21 11:30:09.193root 11241100x8000000000000000535116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc93b6784fc0d062021-12-21 11:30:09.193root 23542300x8000000000000000535117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:09.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000535118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4bffc61ba9cc02021-12-21 11:30:09.693root 11241100x8000000000000000535119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0bd3561642ac4e2021-12-21 11:30:09.693root 11241100x8000000000000000535120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1b868d86b530ea2021-12-21 11:30:09.693root 11241100x8000000000000000535121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e64fc22ef6014f2021-12-21 11:30:09.693root 11241100x8000000000000000535122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea9c55423abba142021-12-21 11:30:10.193root 11241100x8000000000000000535123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8916cdaa5f122b062021-12-21 11:30:10.193root 11241100x8000000000000000535124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d97032df50bfd5e2021-12-21 11:30:10.193root 11241100x8000000000000000535125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a90f73a20ac28f72021-12-21 11:30:10.193root 11241100x8000000000000000535126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:10.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81898a96246696122021-12-21 11:30:10.692root 11241100x8000000000000000535127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c70992a6ab2edff2021-12-21 11:30:10.693root 11241100x8000000000000000535128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ed636d3bdea5cd2021-12-21 11:30:10.693root 11241100x8000000000000000535129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf91067505294762021-12-21 11:30:10.693root 354300x8000000000000000535130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.144{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48630-false10.0.1.12-8000- 11241100x8000000000000000535131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ab93aac43f71da2021-12-21 11:30:11.145root 11241100x8000000000000000535132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d652bdb8955303b62021-12-21 11:30:11.145root 11241100x8000000000000000535133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74e04119dc2c9ed2021-12-21 11:30:11.145root 11241100x8000000000000000535134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9502050e3df434092021-12-21 11:30:11.145root 11241100x8000000000000000535135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f65878a00e49f492021-12-21 11:30:11.146root 11241100x8000000000000000535136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6e98dae0470352021-12-21 11:30:11.443root 11241100x8000000000000000535137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7a06cc328c72642021-12-21 11:30:11.443root 11241100x8000000000000000535138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8f28aecc780e302021-12-21 11:30:11.443root 11241100x8000000000000000535139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0a8e24370e98022021-12-21 11:30:11.443root 11241100x8000000000000000535140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f124e9ca15e768692021-12-21 11:30:11.443root 11241100x8000000000000000535141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d611a092c90d1e232021-12-21 11:30:11.943root 11241100x8000000000000000535142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c6e6ae1f14b5a92021-12-21 11:30:11.943root 11241100x8000000000000000535143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50edc50968a8bd32021-12-21 11:30:11.943root 11241100x8000000000000000535144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b02dddab4fa832021-12-21 11:30:11.943root 11241100x8000000000000000535145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b10b60b4d60b512021-12-21 11:30:11.943root 11241100x8000000000000000535146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef69ec366c845272021-12-21 11:30:12.443root 11241100x8000000000000000535147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165dc7827b4208f42021-12-21 11:30:12.443root 11241100x8000000000000000535148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5bbb5144dba4e72021-12-21 11:30:12.443root 11241100x8000000000000000535149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f6ecdee44be9b72021-12-21 11:30:12.443root 11241100x8000000000000000535150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f191a6359b68f7d12021-12-21 11:30:12.443root 11241100x8000000000000000535151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b6b2a26b8632902021-12-21 11:30:12.943root 11241100x8000000000000000535152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a459437c440e442021-12-21 11:30:12.943root 11241100x8000000000000000535153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8304d9b90c9a282021-12-21 11:30:12.943root 11241100x8000000000000000535154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003ce4d7a5cae70e2021-12-21 11:30:12.943root 11241100x8000000000000000535155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef66f3182eacf5a2021-12-21 11:30:12.943root 11241100x8000000000000000535156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4daa2e30ea224b2021-12-21 11:30:13.443root 11241100x8000000000000000535157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ab742aafef99752021-12-21 11:30:13.443root 11241100x8000000000000000535158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d526dc3d72a276032021-12-21 11:30:13.443root 11241100x8000000000000000535159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e52c45256aa9cb82021-12-21 11:30:13.443root 11241100x8000000000000000535160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f29fecb4fab5fe82021-12-21 11:30:13.443root 11241100x8000000000000000535161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a0028db53a5c482021-12-21 11:30:13.943root 11241100x8000000000000000535162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46f80b031c446d52021-12-21 11:30:13.943root 11241100x8000000000000000535163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bff0b787c7d33c02021-12-21 11:30:13.943root 11241100x8000000000000000535164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84f7348e05bdc5e2021-12-21 11:30:13.943root 11241100x8000000000000000535165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea0b06456c524182021-12-21 11:30:13.943root 11241100x8000000000000000535166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d78e0c4b46b1232021-12-21 11:30:14.443root 11241100x8000000000000000535167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439c2363a4f1b0212021-12-21 11:30:14.443root 11241100x8000000000000000535168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f2f05adf2de0ee2021-12-21 11:30:14.443root 11241100x8000000000000000535169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe5d6542bc585602021-12-21 11:30:14.443root 11241100x8000000000000000535170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386ec45f1cf754732021-12-21 11:30:14.443root 11241100x8000000000000000535171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ce9d098824cef42021-12-21 11:30:14.943root 11241100x8000000000000000535172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20df2ad91aaffcd2021-12-21 11:30:14.943root 11241100x8000000000000000535173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900a3c85bdb75f732021-12-21 11:30:14.943root 11241100x8000000000000000535174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb115a7ad6e12922021-12-21 11:30:14.943root 11241100x8000000000000000535175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f022775455505dc42021-12-21 11:30:14.943root 11241100x8000000000000000535176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c39706bad6f07d82021-12-21 11:30:15.443root 11241100x8000000000000000535177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a54cc580641b2f2021-12-21 11:30:15.443root 11241100x8000000000000000535178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd1ab7fafdf8ddb2021-12-21 11:30:15.443root 11241100x8000000000000000535179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7a6bbfcf1a01fb2021-12-21 11:30:15.443root 11241100x8000000000000000535180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1957dda160588e322021-12-21 11:30:15.443root 11241100x8000000000000000535181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b431c7a1be65a8fe2021-12-21 11:30:15.943root 11241100x8000000000000000535182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f8ddc70958c1182021-12-21 11:30:15.943root 11241100x8000000000000000535183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb028ffd4d8008e12021-12-21 11:30:15.943root 11241100x8000000000000000535184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9263bb8ecf5c92021-12-21 11:30:15.943root 11241100x8000000000000000535185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57be2dd709ce4082021-12-21 11:30:15.943root 354300x8000000000000000535186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.147{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48632-false10.0.1.12-8000- 11241100x8000000000000000535187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86576ee20d732152021-12-21 11:30:16.443root 11241100x8000000000000000535188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dec1c36e576ffd2021-12-21 11:30:16.443root 11241100x8000000000000000535189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c462c0d21939572021-12-21 11:30:16.443root 11241100x8000000000000000535190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b26912a9157d90f2021-12-21 11:30:16.443root 11241100x8000000000000000535191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83403bb20c033c312021-12-21 11:30:16.443root 11241100x8000000000000000535192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0754b7678bcd93922021-12-21 11:30:16.443root 11241100x8000000000000000535193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75be27622d0ae4b22021-12-21 11:30:16.943root 11241100x8000000000000000535194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93c59aa6849c6a12021-12-21 11:30:16.943root 11241100x8000000000000000535195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7a19bea2a931d2021-12-21 11:30:16.943root 11241100x8000000000000000535196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c348244384d25232021-12-21 11:30:16.943root 11241100x8000000000000000535197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401464e4c8e682042021-12-21 11:30:16.943root 11241100x8000000000000000535198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf601bdbe2b7ab1f2021-12-21 11:30:16.943root 11241100x8000000000000000535199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcf4e47621a2d782021-12-21 11:30:17.443root 11241100x8000000000000000535200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79591688047032ab2021-12-21 11:30:17.443root 11241100x8000000000000000535201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526117d00f2bba042021-12-21 11:30:17.443root 11241100x8000000000000000535202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c350bb29365eaad2021-12-21 11:30:17.443root 11241100x8000000000000000535203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaa1d198838e6ca2021-12-21 11:30:17.443root 11241100x8000000000000000535204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bfbf38723bbccc2021-12-21 11:30:17.443root 11241100x8000000000000000535205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcf3d7008d44b712021-12-21 11:30:17.943root 11241100x8000000000000000535206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333113bee8e07dd62021-12-21 11:30:17.943root 11241100x8000000000000000535207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998668a050aa81952021-12-21 11:30:17.943root 11241100x8000000000000000535208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879e3dc2b0faf00d2021-12-21 11:30:17.943root 11241100x8000000000000000535209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600b45a8ae1b07ab2021-12-21 11:30:17.943root 11241100x8000000000000000535210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e995ea1c303d2b112021-12-21 11:30:17.943root 11241100x8000000000000000535211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73e852371fa68332021-12-21 11:30:18.443root 11241100x8000000000000000535212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f16da17ef1973442021-12-21 11:30:18.443root 11241100x8000000000000000535213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd4e4ad1d1486ab2021-12-21 11:30:18.443root 11241100x8000000000000000535214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aaa963bb888a512021-12-21 11:30:18.443root 11241100x8000000000000000535215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b362d0f442c147f42021-12-21 11:30:18.443root 11241100x8000000000000000535216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761837f477c1dae82021-12-21 11:30:18.443root 154100x8000000000000000535217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.933{ec2b6afe-baca-61c1-6804-c4ab18560000}9881/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000535218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.934{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2487927c01d59352021-12-21 11:30:18.934root 11241100x8000000000000000535219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.934{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa155d8292e00442021-12-21 11:30:18.934root 11241100x8000000000000000535220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.934{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d00a85da2defce2021-12-21 11:30:18.934root 11241100x8000000000000000535221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.934{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e748d6e52561d12021-12-21 11:30:18.934root 11241100x8000000000000000535222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.935{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87785aeb34bbad092021-12-21 11:30:18.935root 11241100x8000000000000000535223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.935{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f457243675f26722021-12-21 11:30:18.935root 11241100x8000000000000000535224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.935{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9a539da6cb6ef02021-12-21 11:30:18.935root 534500x8000000000000000535225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:18.945{ec2b6afe-baca-61c1-6804-c4ab18560000}9881/bin/psroot 11241100x8000000000000000535226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e5e5b3e0f4c56a2021-12-21 11:30:19.193root 11241100x8000000000000000535227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3610766c4d7145132021-12-21 11:30:19.193root 11241100x8000000000000000535228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0aa1bed7aa35492021-12-21 11:30:19.193root 11241100x8000000000000000535229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c5e8e02821e7d32021-12-21 11:30:19.193root 11241100x8000000000000000535230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d762dd249a51ef3d2021-12-21 11:30:19.193root 11241100x8000000000000000535231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe2572a3f54bdc12021-12-21 11:30:19.193root 11241100x8000000000000000535232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5126d29f8b2f3a432021-12-21 11:30:19.193root 11241100x8000000000000000535233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c985e57dc780022021-12-21 11:30:19.193root 11241100x8000000000000000535234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdc014da7641a1a2021-12-21 11:30:19.693root 11241100x8000000000000000535235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8e8003479789cc2021-12-21 11:30:19.693root 11241100x8000000000000000535236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfe9010ee1a4e82021-12-21 11:30:19.693root 11241100x8000000000000000535237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189a667e57ae3702021-12-21 11:30:19.693root 11241100x8000000000000000535238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080028a97dd9e15b2021-12-21 11:30:19.693root 11241100x8000000000000000535239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e755415efca5c62021-12-21 11:30:19.693root 11241100x8000000000000000535240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd648721d8009ce2021-12-21 11:30:19.693root 11241100x8000000000000000535241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b4db8bcb34a2742021-12-21 11:30:19.693root 11241100x8000000000000000535242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c474b713da2212b2021-12-21 11:30:20.193root 11241100x8000000000000000535243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475f73bc1cd20dd02021-12-21 11:30:20.193root 11241100x8000000000000000535244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d0bf2ba82de9062021-12-21 11:30:20.193root 11241100x8000000000000000535245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ed62c03c2bae8b2021-12-21 11:30:20.193root 11241100x8000000000000000535246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8561fa2c346c5e5a2021-12-21 11:30:20.193root 11241100x8000000000000000535247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33917a51c2bb47d02021-12-21 11:30:20.193root 11241100x8000000000000000535248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f35b45258b85e762021-12-21 11:30:20.193root 11241100x8000000000000000535249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2abadf34284f69a2021-12-21 11:30:20.193root 11241100x8000000000000000535250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21cb7714c86286e2021-12-21 11:30:20.693root 11241100x8000000000000000535251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b1483c252a9de42021-12-21 11:30:20.693root 11241100x8000000000000000535252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d5fbe49d7673df2021-12-21 11:30:20.693root 11241100x8000000000000000535253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442dab246a87d2642021-12-21 11:30:20.693root 11241100x8000000000000000535254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025389cec5bcc0972021-12-21 11:30:20.693root 11241100x8000000000000000535255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeb402af5558ccb2021-12-21 11:30:20.693root 11241100x8000000000000000535256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06668e73be20951f2021-12-21 11:30:20.693root 11241100x8000000000000000535257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076d550d9a831ffe2021-12-21 11:30:20.694root 354300x8000000000000000535258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.190{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48634-false10.0.1.12-8000- 11241100x8000000000000000535259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca34d6a58158245c2021-12-21 11:30:21.190root 11241100x8000000000000000535260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c33c205e61aa932021-12-21 11:30:21.191root 11241100x8000000000000000535261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0704f804c7a11ff2021-12-21 11:30:21.191root 11241100x8000000000000000535262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72defef117749efe2021-12-21 11:30:21.191root 11241100x8000000000000000535263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae7ec9b2a12ba1d2021-12-21 11:30:21.191root 11241100x8000000000000000535264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d8705d8e86b78c2021-12-21 11:30:21.191root 11241100x8000000000000000535265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3a02c5cc1b5a652021-12-21 11:30:21.191root 11241100x8000000000000000535266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b9b7a3842fd3382021-12-21 11:30:21.191root 11241100x8000000000000000535267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ae6973072a8392021-12-21 11:30:21.191root 11241100x8000000000000000535268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fb886093e968832021-12-21 11:30:21.443root 11241100x8000000000000000535269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6054bcdcb33163422021-12-21 11:30:21.443root 11241100x8000000000000000535270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2ce86b52b2b6522021-12-21 11:30:21.443root 11241100x8000000000000000535271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b85950647c414c42021-12-21 11:30:21.443root 11241100x8000000000000000535272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b08e9146dff8e02021-12-21 11:30:21.443root 11241100x8000000000000000535273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c03b27abd8102522021-12-21 11:30:21.443root 11241100x8000000000000000535274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a70864ca12273bd2021-12-21 11:30:21.443root 11241100x8000000000000000535275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fdd69f6ae6e8f62021-12-21 11:30:21.443root 11241100x8000000000000000535276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922176f1e68792e62021-12-21 11:30:21.443root 11241100x8000000000000000535277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60ffbcefa73c34c2021-12-21 11:30:21.943root 11241100x8000000000000000535278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1ab08593b8f44e2021-12-21 11:30:21.943root 11241100x8000000000000000535279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b35ee72deff6902021-12-21 11:30:21.943root 11241100x8000000000000000535280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5117a25ed239ada2021-12-21 11:30:21.944root 11241100x8000000000000000535281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27dc27831d753992021-12-21 11:30:21.944root 11241100x8000000000000000535282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74689acb4cd844a2021-12-21 11:30:21.944root 11241100x8000000000000000535283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b23181b9a42b8c2021-12-21 11:30:21.944root 11241100x8000000000000000535284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9112e67000cc3ea52021-12-21 11:30:21.944root 11241100x8000000000000000535285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5755b7aab25be0162021-12-21 11:30:21.944root 11241100x8000000000000000535286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d217200e5570bc922021-12-21 11:30:22.442root 11241100x8000000000000000535287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c47253c8bb064dd2021-12-21 11:30:22.443root 11241100x8000000000000000535288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5efb082702ca91a2021-12-21 11:30:22.443root 11241100x8000000000000000535289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3b3f50921b90672021-12-21 11:30:22.443root 11241100x8000000000000000535290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eff0fa501bdbfc22021-12-21 11:30:22.443root 11241100x8000000000000000535291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4c71e381074d0b2021-12-21 11:30:22.443root 11241100x8000000000000000535292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d252dd43e69aa4b2021-12-21 11:30:22.443root 11241100x8000000000000000535293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4663c7a9338fcf342021-12-21 11:30:22.443root 11241100x8000000000000000535294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189e90fadfcaaff32021-12-21 11:30:22.443root 11241100x8000000000000000535295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd510d6aea6bcb52021-12-21 11:30:22.943root 11241100x8000000000000000535296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d51cafc257bd6ad2021-12-21 11:30:22.943root 11241100x8000000000000000535297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26d322d993ee2162021-12-21 11:30:22.943root 11241100x8000000000000000535298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c78f51497d65432021-12-21 11:30:22.943root 11241100x8000000000000000535299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8296b69ee46851d72021-12-21 11:30:22.943root 11241100x8000000000000000535300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c2b3654c44c1382021-12-21 11:30:22.943root 11241100x8000000000000000535301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1f61fc808dc1542021-12-21 11:30:22.943root 11241100x8000000000000000535302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2b7f0cc2194cfd2021-12-21 11:30:22.943root 11241100x8000000000000000535303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38643aee436b45f2021-12-21 11:30:22.943root 11241100x8000000000000000535304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79ab797eae050282021-12-21 11:30:23.443root 11241100x8000000000000000535305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4f7da2e98491752021-12-21 11:30:23.443root 11241100x8000000000000000535306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ba2f0e5f479532021-12-21 11:30:23.443root 11241100x8000000000000000535307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910a5f4ff80581612021-12-21 11:30:23.443root 11241100x8000000000000000535308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d829647d7dabd682021-12-21 11:30:23.443root 11241100x8000000000000000535309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93022ac73333c7fa2021-12-21 11:30:23.443root 11241100x8000000000000000535310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a037533fe6d21d72021-12-21 11:30:23.443root 11241100x8000000000000000535311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e8e9ec3d97688e2021-12-21 11:30:23.443root 11241100x8000000000000000535312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc3fcb8bae06b4f2021-12-21 11:30:23.443root 11241100x8000000000000000535313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd3eb769f2bb6c52021-12-21 11:30:23.943root 11241100x8000000000000000535314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8550b7f7f47aa22021-12-21 11:30:23.943root 11241100x8000000000000000535315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b734bb02b69b22762021-12-21 11:30:23.943root 11241100x8000000000000000535316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f4362457c3a7692021-12-21 11:30:23.943root 11241100x8000000000000000535317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409d3a7d0d9f75392021-12-21 11:30:23.943root 11241100x8000000000000000535318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176b6d277e7805ca2021-12-21 11:30:23.943root 11241100x8000000000000000535319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f58304ca64adb32021-12-21 11:30:23.943root 11241100x8000000000000000535320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a6785dce13cb3b2021-12-21 11:30:23.943root 11241100x8000000000000000535321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ce2ce6d213c5b2021-12-21 11:30:23.943root 11241100x8000000000000000535322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a602186e679d12021-12-21 11:30:24.443root 11241100x8000000000000000535323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d7368c5d563cee2021-12-21 11:30:24.443root 11241100x8000000000000000535324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86552db5abe9d5a22021-12-21 11:30:24.443root 11241100x8000000000000000535325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06248a458695e4462021-12-21 11:30:24.443root 11241100x8000000000000000535326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6151946939b362d2021-12-21 11:30:24.443root 11241100x8000000000000000535327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a87375ad9931452021-12-21 11:30:24.443root 11241100x8000000000000000535328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb617f7c8701b9f02021-12-21 11:30:24.443root 11241100x8000000000000000535329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f7c2529777e57b2021-12-21 11:30:24.443root 11241100x8000000000000000535330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81ea64ca6f72d462021-12-21 11:30:24.443root 11241100x8000000000000000535331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c81d3b68a7b6ca2021-12-21 11:30:24.943root 11241100x8000000000000000535332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b9d549b16882452021-12-21 11:30:24.943root 11241100x8000000000000000535333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddc5aa4405fba5a2021-12-21 11:30:24.943root 11241100x8000000000000000535334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7905dff264a24f172021-12-21 11:30:24.943root 11241100x8000000000000000535335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecd2de8eb789b9d2021-12-21 11:30:24.943root 11241100x8000000000000000535336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbabb03888d29192021-12-21 11:30:24.943root 11241100x8000000000000000535337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ca9ea57af941bb2021-12-21 11:30:24.943root 11241100x8000000000000000535338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643038e7a2a07fc42021-12-21 11:30:24.943root 11241100x8000000000000000535339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f45934748b254142021-12-21 11:30:24.944root 11241100x8000000000000000535340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbe93a2ab5553e22021-12-21 11:30:25.443root 11241100x8000000000000000535341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1216196b6059be9d2021-12-21 11:30:25.443root 11241100x8000000000000000535342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d07a46324aa4402021-12-21 11:30:25.443root 11241100x8000000000000000535343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21597fa7e0ffe4032021-12-21 11:30:25.443root 11241100x8000000000000000535344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6145cf35a16baa32021-12-21 11:30:25.443root 11241100x8000000000000000535345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679e707d8b8e85312021-12-21 11:30:25.443root 11241100x8000000000000000535346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743c10915ecdd4682021-12-21 11:30:25.443root 11241100x8000000000000000535347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4e663acfa9ba372021-12-21 11:30:25.443root 11241100x8000000000000000535348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e0a9a533c187862021-12-21 11:30:25.443root 354300x8000000000000000535349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.475{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35700-false10.0.1.12-8089- 11241100x8000000000000000535350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284354e0b00a7f4c2021-12-21 11:30:25.943root 11241100x8000000000000000535351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4216c60355bf8a2021-12-21 11:30:25.943root 11241100x8000000000000000535352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016439ca37a5aad82021-12-21 11:30:25.943root 11241100x8000000000000000535353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681df16ff2db0bf92021-12-21 11:30:25.943root 11241100x8000000000000000535354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fb2fe488f795b32021-12-21 11:30:25.943root 11241100x8000000000000000535355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b226740477023bfd2021-12-21 11:30:25.943root 11241100x8000000000000000535356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802fd57daee09b192021-12-21 11:30:25.943root 11241100x8000000000000000535357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017502041fadb0de2021-12-21 11:30:25.943root 11241100x8000000000000000535358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7fc7bf5846d9942021-12-21 11:30:25.944root 11241100x8000000000000000535359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b981d6a1496b469d2021-12-21 11:30:25.944root 11241100x8000000000000000535360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2463d2b6328218842021-12-21 11:30:26.443root 11241100x8000000000000000535361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b67143a06b96f62021-12-21 11:30:26.443root 11241100x8000000000000000535362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23923465896b63412021-12-21 11:30:26.443root 11241100x8000000000000000535363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9e671648fab63c2021-12-21 11:30:26.443root 11241100x8000000000000000535364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31913b63c7231822021-12-21 11:30:26.443root 11241100x8000000000000000535365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ec84119a5a6e862021-12-21 11:30:26.444root 11241100x8000000000000000535366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8103bccec93353a62021-12-21 11:30:26.444root 11241100x8000000000000000535367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585b3e85c24c5a9a2021-12-21 11:30:26.444root 11241100x8000000000000000535368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a17e0ac0701262e2021-12-21 11:30:26.444root 11241100x8000000000000000535369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0410185ae9fb1f7c2021-12-21 11:30:26.444root 11241100x8000000000000000535370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45289bae9033a13a2021-12-21 11:30:26.943root 11241100x8000000000000000535371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789a74bacebc36f62021-12-21 11:30:26.943root 11241100x8000000000000000535372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b229aa913b06fa62021-12-21 11:30:26.943root 11241100x8000000000000000535373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f47436cbc5b96502021-12-21 11:30:26.943root 11241100x8000000000000000535374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25a428d2a59043b2021-12-21 11:30:26.943root 11241100x8000000000000000535375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad39391da97289e22021-12-21 11:30:26.943root 11241100x8000000000000000535376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a56c21e2dda2882021-12-21 11:30:26.943root 11241100x8000000000000000535377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dde9232e40373b2021-12-21 11:30:26.943root 11241100x8000000000000000535378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a0354c1bc6db132021-12-21 11:30:26.944root 11241100x8000000000000000535379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eb245db3d241362021-12-21 11:30:26.944root 354300x8000000000000000535380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.043{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48638-false10.0.1.12-8000- 11241100x8000000000000000535381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e4f91a6db3f4062021-12-21 11:30:27.443root 11241100x8000000000000000535382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5be62abb7cbcd2021-12-21 11:30:27.443root 11241100x8000000000000000535383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea2214e6e408da02021-12-21 11:30:27.443root 11241100x8000000000000000535384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c328a9645e068ae2021-12-21 11:30:27.444root 11241100x8000000000000000535385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc42754e9bfd232021-12-21 11:30:27.444root 11241100x8000000000000000535386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677a5d87d4a46e782021-12-21 11:30:27.444root 11241100x8000000000000000535387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e05295bd474138f2021-12-21 11:30:27.444root 11241100x8000000000000000535388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e90577d0e53fcf2021-12-21 11:30:27.444root 11241100x8000000000000000535389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018644f2284eaf502021-12-21 11:30:27.444root 11241100x8000000000000000535390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a222005f8716400e2021-12-21 11:30:27.444root 11241100x8000000000000000535391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa3b72c9a160f5a2021-12-21 11:30:27.444root 11241100x8000000000000000535392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df48650d303a6d522021-12-21 11:30:27.943root 11241100x8000000000000000535393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016b2fa7761dfe962021-12-21 11:30:27.943root 11241100x8000000000000000535394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcb1484fcb2c93a2021-12-21 11:30:27.943root 11241100x8000000000000000535395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f802a869e38b722021-12-21 11:30:27.943root 11241100x8000000000000000535396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe74cb72d6674052021-12-21 11:30:27.943root 11241100x8000000000000000535397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813003aea4576fb2021-12-21 11:30:27.943root 11241100x8000000000000000535398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a8dc6d6d81cb532021-12-21 11:30:27.943root 11241100x8000000000000000535399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d24aa1de83c22c2021-12-21 11:30:27.944root 11241100x8000000000000000535400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43338d6f5cc22a442021-12-21 11:30:27.944root 11241100x8000000000000000535401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52084384154ffcb2021-12-21 11:30:27.944root 11241100x8000000000000000535402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e525162a05869ffc2021-12-21 11:30:27.944root 11241100x8000000000000000535403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10df66b1376b505d2021-12-21 11:30:28.443root 11241100x8000000000000000535404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b48dee521707132021-12-21 11:30:28.443root 11241100x8000000000000000535405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf9f390d14f34902021-12-21 11:30:28.443root 11241100x8000000000000000535406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdff9d1b231692032021-12-21 11:30:28.443root 11241100x8000000000000000535407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89f5f96324a7cb92021-12-21 11:30:28.443root 11241100x8000000000000000535408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01409d8cd2c021ca2021-12-21 11:30:28.444root 11241100x8000000000000000535409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98136aa1e19f02992021-12-21 11:30:28.444root 11241100x8000000000000000535410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742cfe60aa9b51cc2021-12-21 11:30:28.444root 11241100x8000000000000000535411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3073faeae5b9ff752021-12-21 11:30:28.444root 11241100x8000000000000000535412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d76ad9609250c42021-12-21 11:30:28.444root 11241100x8000000000000000535413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7207534a99be48632021-12-21 11:30:28.444root 11241100x8000000000000000535414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d31f0564a1568f52021-12-21 11:30:28.943root 11241100x8000000000000000535415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8e735b1ff5be342021-12-21 11:30:28.943root 11241100x8000000000000000535416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fa591b343b63142021-12-21 11:30:28.943root 11241100x8000000000000000535417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b2e8f9a60f5c662021-12-21 11:30:28.943root 11241100x8000000000000000535418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bf5a650ab686142021-12-21 11:30:28.943root 11241100x8000000000000000535419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aef4fde3bd9884c2021-12-21 11:30:28.943root 11241100x8000000000000000535420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dd956312b9a23a2021-12-21 11:30:28.943root 11241100x8000000000000000535421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5762bb5c9cc7cf232021-12-21 11:30:28.943root 11241100x8000000000000000535422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f430cf81345ea1702021-12-21 11:30:28.943root 11241100x8000000000000000535423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf6a987c78984b12021-12-21 11:30:28.944root 11241100x8000000000000000535424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac5c5023ca6af0d2021-12-21 11:30:28.944root 11241100x8000000000000000535425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabc238c60055d842021-12-21 11:30:29.443root 11241100x8000000000000000535426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c263d46c5e8eb8b2021-12-21 11:30:29.443root 11241100x8000000000000000535427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7be139173503312021-12-21 11:30:29.443root 11241100x8000000000000000535428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07ae6535307f2792021-12-21 11:30:29.443root 11241100x8000000000000000535429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f48e0381acfdf2021-12-21 11:30:29.443root 11241100x8000000000000000535430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d549bde6b337f3502021-12-21 11:30:29.443root 11241100x8000000000000000535431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1ebbf3d67ed7e32021-12-21 11:30:29.443root 11241100x8000000000000000535432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfd462406ce8ed52021-12-21 11:30:29.443root 11241100x8000000000000000535433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ca1e505ddb073f2021-12-21 11:30:29.443root 11241100x8000000000000000535434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303daa74c48c74112021-12-21 11:30:29.443root 11241100x8000000000000000535435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd284afddab425a52021-12-21 11:30:29.443root 11241100x8000000000000000535436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee89a689c8f2a5a2021-12-21 11:30:29.943root 11241100x8000000000000000535437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef411fdda18728ff2021-12-21 11:30:29.943root 11241100x8000000000000000535438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c86eb86e23183de2021-12-21 11:30:29.943root 11241100x8000000000000000535439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad34338e5e0e4e8c2021-12-21 11:30:29.943root 11241100x8000000000000000535440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4e660f86cd49352021-12-21 11:30:29.943root 11241100x8000000000000000535441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd44559464834b02021-12-21 11:30:29.943root 11241100x8000000000000000535442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0e992a269874532021-12-21 11:30:29.943root 11241100x8000000000000000535443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499ae84c0a6d40b12021-12-21 11:30:29.944root 11241100x8000000000000000535444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd7bb8d6ffea7972021-12-21 11:30:29.944root 11241100x8000000000000000535445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122860cfe681d50c2021-12-21 11:30:29.944root 11241100x8000000000000000535446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a69ef5a862d20b2021-12-21 11:30:29.944root 11241100x8000000000000000535447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e707fe90291544be2021-12-21 11:30:30.442root 11241100x8000000000000000535448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02513f2d52e6e0eb2021-12-21 11:30:30.443root 11241100x8000000000000000535449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a8e85f0c5cfec12021-12-21 11:30:30.443root 11241100x8000000000000000535450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b62281f56a07b52021-12-21 11:30:30.443root 11241100x8000000000000000535451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f107912b4210272021-12-21 11:30:30.443root 11241100x8000000000000000535452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb7546c910d8212021-12-21 11:30:30.443root 11241100x8000000000000000535453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcea18d6c5eb82092021-12-21 11:30:30.443root 11241100x8000000000000000535454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db25011485b70132021-12-21 11:30:30.443root 11241100x8000000000000000535455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1771e1e928f268f02021-12-21 11:30:30.443root 11241100x8000000000000000535456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2de349adb15ebc2021-12-21 11:30:30.443root 11241100x8000000000000000535457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af13bfab2f9319b2021-12-21 11:30:30.443root 11241100x8000000000000000535458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c06590966fdaba62021-12-21 11:30:30.943root 11241100x8000000000000000535459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84af1465ebd740ec2021-12-21 11:30:30.943root 11241100x8000000000000000535460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dfb7f22864eca72021-12-21 11:30:30.943root 11241100x8000000000000000535461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daba9a9befd60ec42021-12-21 11:30:30.943root 11241100x8000000000000000535462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016c0147c3fbc56d2021-12-21 11:30:30.943root 11241100x8000000000000000535463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b399efbb0d46f7c72021-12-21 11:30:30.943root 11241100x8000000000000000535464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd78fd5bcffe94932021-12-21 11:30:30.943root 11241100x8000000000000000535465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07feda1a3956a9b2021-12-21 11:30:30.943root 11241100x8000000000000000535466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3ccea4ae3b6aeb2021-12-21 11:30:30.943root 11241100x8000000000000000535467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fef8045164f7b82021-12-21 11:30:30.944root 11241100x8000000000000000535468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6759e94521753e7a2021-12-21 11:30:30.944root 11241100x8000000000000000535469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ff3a9a2440e7f22021-12-21 11:30:31.443root 11241100x8000000000000000535470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75700dd67d479dfe2021-12-21 11:30:31.443root 11241100x8000000000000000535471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6f88906b0eaee12021-12-21 11:30:31.443root 11241100x8000000000000000535472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30473b3e391d7ac2021-12-21 11:30:31.443root 11241100x8000000000000000535473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068542cf1a159a162021-12-21 11:30:31.443root 11241100x8000000000000000535474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22797805de0a6c22021-12-21 11:30:31.443root 11241100x8000000000000000535475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b811458e4650f72021-12-21 11:30:31.444root 11241100x8000000000000000535476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a203e2cf845b924f2021-12-21 11:30:31.445root 11241100x8000000000000000535477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb310c26317d97962021-12-21 11:30:31.445root 11241100x8000000000000000535478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e902f2fad79e74902021-12-21 11:30:31.445root 11241100x8000000000000000535479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31308376e2787282021-12-21 11:30:31.445root 11241100x8000000000000000535480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab4a49e03f7d15f2021-12-21 11:30:31.943root 11241100x8000000000000000535481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767cc43183958ddc2021-12-21 11:30:31.943root 11241100x8000000000000000535482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbb2209839520322021-12-21 11:30:31.943root 11241100x8000000000000000535483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8823ef29d023cd2021-12-21 11:30:31.943root 11241100x8000000000000000535484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4f7890c1c6961b2021-12-21 11:30:31.943root 11241100x8000000000000000535485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8239557c53e58c62021-12-21 11:30:31.943root 11241100x8000000000000000535486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e8608ed9ac95192021-12-21 11:30:31.943root 11241100x8000000000000000535487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83240056f0000672021-12-21 11:30:31.944root 11241100x8000000000000000535488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7c2888d0619ab92021-12-21 11:30:31.944root 11241100x8000000000000000535489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8549f610614d28962021-12-21 11:30:31.944root 11241100x8000000000000000535490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4249ef7f48893bfe2021-12-21 11:30:31.944root 354300x8000000000000000535491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.137{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48640-false10.0.1.12-8000- 11241100x8000000000000000535492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4180f10d8156d9222021-12-21 11:30:32.443root 11241100x8000000000000000535493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f74170394bb1da2021-12-21 11:30:32.443root 11241100x8000000000000000535494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b381fcf7046e4e52021-12-21 11:30:32.443root 11241100x8000000000000000535495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe57db164c9c9d12021-12-21 11:30:32.443root 11241100x8000000000000000535496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62950c717b170492021-12-21 11:30:32.443root 11241100x8000000000000000535497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa8bec79598a8c82021-12-21 11:30:32.444root 11241100x8000000000000000535498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0c4d751d0492bd2021-12-21 11:30:32.444root 11241100x8000000000000000535499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ccec7376a2a79b2021-12-21 11:30:32.444root 11241100x8000000000000000535500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb71b3892446f092021-12-21 11:30:32.445root 11241100x8000000000000000535501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c206342fcafcf322021-12-21 11:30:32.445root 11241100x8000000000000000535502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfba977ae49bf1392021-12-21 11:30:32.445root 11241100x8000000000000000535503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a3596042773fc12021-12-21 11:30:32.445root 11241100x8000000000000000535504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0664c1e5bd107b2021-12-21 11:30:32.943root 11241100x8000000000000000535505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e383a1f9bfc557f2021-12-21 11:30:32.943root 11241100x8000000000000000535506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a79fe0bcb02c962021-12-21 11:30:32.943root 11241100x8000000000000000535507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3c0e1f60b2d3372021-12-21 11:30:32.943root 11241100x8000000000000000535508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6b891d4b231e92021-12-21 11:30:32.943root 11241100x8000000000000000535509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c617ecacb29ee4af2021-12-21 11:30:32.944root 11241100x8000000000000000535510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469de9d47faeff42021-12-21 11:30:32.944root 11241100x8000000000000000535511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c9821903c928bc2021-12-21 11:30:32.944root 11241100x8000000000000000535512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9859e6c750ed8fa32021-12-21 11:30:32.944root 11241100x8000000000000000535513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90308ae7253417e32021-12-21 11:30:32.944root 11241100x8000000000000000535514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb40ead376c2a402021-12-21 11:30:32.944root 11241100x8000000000000000535515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838f0ea0103282522021-12-21 11:30:32.944root 11241100x8000000000000000535516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a31b4da9f869a12021-12-21 11:30:33.443root 11241100x8000000000000000535517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6ac0865c131ee02021-12-21 11:30:33.443root 11241100x8000000000000000535518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8683dc76715836032021-12-21 11:30:33.443root 11241100x8000000000000000535519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96d19366281fdd32021-12-21 11:30:33.444root 11241100x8000000000000000535520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab10186e9eb5cb42021-12-21 11:30:33.444root 11241100x8000000000000000535521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1c8639a0d501312021-12-21 11:30:33.444root 11241100x8000000000000000535522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a294c2d6446a5892021-12-21 11:30:33.444root 11241100x8000000000000000535523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8328a35d1561a22021-12-21 11:30:33.444root 11241100x8000000000000000535524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350ddde6798d5e432021-12-21 11:30:33.444root 11241100x8000000000000000535525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaf5be074ced9012021-12-21 11:30:33.444root 11241100x8000000000000000535526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07de3efeb82f4fa2021-12-21 11:30:33.445root 11241100x8000000000000000535527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d79b1bfe839b2532021-12-21 11:30:33.445root 11241100x8000000000000000535528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b25680d2c92dbf12021-12-21 11:30:33.943root 11241100x8000000000000000535529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf65a6d81b065d82021-12-21 11:30:33.943root 11241100x8000000000000000535530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057bcf6ea320d8182021-12-21 11:30:33.943root 11241100x8000000000000000535531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5eb78530afdc2cd2021-12-21 11:30:33.943root 11241100x8000000000000000535532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e263482c6e62d6882021-12-21 11:30:33.943root 11241100x8000000000000000535533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5dbc32aafb934c2021-12-21 11:30:33.943root 11241100x8000000000000000535534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca51979d88c0dd0a2021-12-21 11:30:33.943root 11241100x8000000000000000535535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d67cb8ebe7c9ea2021-12-21 11:30:33.943root 11241100x8000000000000000535536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e812f47f60aa4fc2021-12-21 11:30:33.943root 11241100x8000000000000000535537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8d3b4051447ae42021-12-21 11:30:33.944root 11241100x8000000000000000535538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8719fc5ecd478a2021-12-21 11:30:33.944root 11241100x8000000000000000535539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fd0ab1522e78742021-12-21 11:30:33.944root 11241100x8000000000000000535540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf697f4919a370f2021-12-21 11:30:34.443root 11241100x8000000000000000535541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e086edbb83ba902021-12-21 11:30:34.443root 11241100x8000000000000000535542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac76b394239f67c2021-12-21 11:30:34.443root 11241100x8000000000000000535543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a143f12024d3fa92021-12-21 11:30:34.443root 11241100x8000000000000000535544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48240163d603efe2021-12-21 11:30:34.443root 11241100x8000000000000000535545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaae5a887e3e72ac2021-12-21 11:30:34.443root 11241100x8000000000000000535546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb7fd9e522c89c92021-12-21 11:30:34.443root 11241100x8000000000000000535547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c50df7f937c64cb2021-12-21 11:30:34.443root 11241100x8000000000000000535548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740bddbf68753ea72021-12-21 11:30:34.443root 11241100x8000000000000000535549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7922366a5f3e48882021-12-21 11:30:34.444root 11241100x8000000000000000535550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bb5369a69fd3792021-12-21 11:30:34.444root 11241100x8000000000000000535551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66095b9ff893c12021-12-21 11:30:34.444root 11241100x8000000000000000535552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b596b4cb8e5313f2021-12-21 11:30:34.943root 11241100x8000000000000000535553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be573b57e2d150992021-12-21 11:30:34.943root 11241100x8000000000000000535554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273e083f5a96a3592021-12-21 11:30:34.943root 11241100x8000000000000000535555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697edfc27c0618162021-12-21 11:30:34.943root 11241100x8000000000000000535556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a441b2ec4bd9cf922021-12-21 11:30:34.943root 11241100x8000000000000000535557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01ff3df95e399462021-12-21 11:30:34.943root 11241100x8000000000000000535558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9dca889130f0a32021-12-21 11:30:34.943root 11241100x8000000000000000535559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc0012d7c9486132021-12-21 11:30:34.944root 11241100x8000000000000000535560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1b5cca0dc7f8992021-12-21 11:30:34.944root 11241100x8000000000000000535561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bb6ca7a76112eb2021-12-21 11:30:34.944root 11241100x8000000000000000535562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0499d4f5e3d2a6ff2021-12-21 11:30:34.944root 11241100x8000000000000000535563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69a4dd20a19766c2021-12-21 11:30:34.944root 11241100x8000000000000000535564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd206633df9188282021-12-21 11:30:34.945root 11241100x8000000000000000535565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44e56dea534a62e2021-12-21 11:30:34.945root 11241100x8000000000000000535566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82055c48892d8ea82021-12-21 11:30:34.946root 11241100x8000000000000000535567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6219524c596b9b2021-12-21 11:30:34.946root 11241100x8000000000000000535568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e44322148e980b2021-12-21 11:30:34.946root 11241100x8000000000000000535569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23780d9dc10cab62021-12-21 11:30:34.946root 11241100x8000000000000000535570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91c996a0ecd25a72021-12-21 11:30:34.946root 11241100x8000000000000000535571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f21d5a3a32362c2021-12-21 11:30:34.946root 11241100x8000000000000000535572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a760dfc1859d6022021-12-21 11:30:34.946root 11241100x8000000000000000535573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254f3f08d1b2aa3a2021-12-21 11:30:34.946root 11241100x8000000000000000535574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0308a325ebf70e2021-12-21 11:30:34.946root 11241100x8000000000000000535575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f7fb508ce4f6672021-12-21 11:30:34.947root 11241100x8000000000000000535576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c88d0a7b54107a2021-12-21 11:30:35.443root 11241100x8000000000000000535577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ffa7c878e431ef2021-12-21 11:30:35.443root 11241100x8000000000000000535578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae407028d3e200ec2021-12-21 11:30:35.443root 11241100x8000000000000000535579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee57206c294a7a72021-12-21 11:30:35.443root 11241100x8000000000000000535580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328d1242be6a047b2021-12-21 11:30:35.443root 11241100x8000000000000000535581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f49c758a80b4ba12021-12-21 11:30:35.443root 11241100x8000000000000000535582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4cda8f1369d5a22021-12-21 11:30:35.444root 11241100x8000000000000000535583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9d1651d2c783732021-12-21 11:30:35.444root 11241100x8000000000000000535584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3b322ebf6a45792021-12-21 11:30:35.444root 11241100x8000000000000000535585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d89154a70cff0a42021-12-21 11:30:35.444root 11241100x8000000000000000535586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aed0f5a697a1ba42021-12-21 11:30:35.444root 11241100x8000000000000000535587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8ffff83b9d89bd2021-12-21 11:30:35.444root 11241100x8000000000000000535588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3585d6f0d9c3b8772021-12-21 11:30:35.943root 11241100x8000000000000000535589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f90fb450cc514f52021-12-21 11:30:35.943root 11241100x8000000000000000535590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40487619d91d35c12021-12-21 11:30:35.943root 11241100x8000000000000000535591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cd301cfa4ac2822021-12-21 11:30:35.943root 11241100x8000000000000000535592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9560a2f6ae817492021-12-21 11:30:35.944root 11241100x8000000000000000535593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185e0ed2878041282021-12-21 11:30:35.944root 11241100x8000000000000000535594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1050c335e23ca12021-12-21 11:30:35.944root 11241100x8000000000000000535595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b29614512692e02021-12-21 11:30:35.944root 11241100x8000000000000000535596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18f3c4bdb6fe13e2021-12-21 11:30:35.944root 11241100x8000000000000000535597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeab2e206deec5d12021-12-21 11:30:35.944root 11241100x8000000000000000535598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b7cff14224990f2021-12-21 11:30:35.944root 11241100x8000000000000000535599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5addba12fd756c082021-12-21 11:30:35.944root 11241100x8000000000000000535600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.327{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:30:36.327root 11241100x8000000000000000535601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0c2c14c5b06e612021-12-21 11:30:36.328root 11241100x8000000000000000535602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fe4a66c276c1b92021-12-21 11:30:36.328root 11241100x8000000000000000535603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375c7079f662538f2021-12-21 11:30:36.328root 11241100x8000000000000000535604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7659a8193ea3d6a42021-12-21 11:30:36.328root 11241100x8000000000000000535605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7068d91c709acfe2021-12-21 11:30:36.328root 11241100x8000000000000000535606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee3565690d8e8b52021-12-21 11:30:36.329root 11241100x8000000000000000535607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee535dcb61704522021-12-21 11:30:36.329root 11241100x8000000000000000535608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76e3fe26d73286e2021-12-21 11:30:36.329root 11241100x8000000000000000535609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d580b10d02cc262021-12-21 11:30:36.329root 11241100x8000000000000000535610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfb2e0e6c1c77122021-12-21 11:30:36.329root 11241100x8000000000000000535611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6895141079df6132021-12-21 11:30:36.330root 11241100x8000000000000000535612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee52606be36dbce2021-12-21 11:30:36.330root 11241100x8000000000000000535613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3dfed6a7ab18dc2021-12-21 11:30:36.330root 11241100x8000000000000000535614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c785fe7ab44c2772021-12-21 11:30:36.693root 11241100x8000000000000000535615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ebe1aa9dff15322021-12-21 11:30:36.693root 11241100x8000000000000000535616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123ad83182eacb592021-12-21 11:30:36.693root 11241100x8000000000000000535617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f239e1c4664e4702021-12-21 11:30:36.693root 11241100x8000000000000000535618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f986b722bcdf44712021-12-21 11:30:36.694root 11241100x8000000000000000535619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b7f88243d576752021-12-21 11:30:36.694root 11241100x8000000000000000535620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a8ffae588c01142021-12-21 11:30:36.694root 11241100x8000000000000000535621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f782e6e7e721ae2d2021-12-21 11:30:36.694root 11241100x8000000000000000535622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b822f0126e2db52021-12-21 11:30:36.694root 11241100x8000000000000000535623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bbb974c98f7b562021-12-21 11:30:36.694root 11241100x8000000000000000535624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f4a38d4b9c621b2021-12-21 11:30:36.694root 11241100x8000000000000000535625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad63e38ec1534cbf2021-12-21 11:30:36.695root 11241100x8000000000000000535626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9ba1c1339a14322021-12-21 11:30:36.695root 11241100x8000000000000000535627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb08ccaab067f1fc2021-12-21 11:30:37.193root 11241100x8000000000000000535628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a305350d756d2a262021-12-21 11:30:37.193root 11241100x8000000000000000535629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cec2494f5e74742021-12-21 11:30:37.193root 11241100x8000000000000000535630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bdd1804b108cfb2021-12-21 11:30:37.193root 11241100x8000000000000000535631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff67b127cf8a9c042021-12-21 11:30:37.193root 11241100x8000000000000000535632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3db5ebdf32783492021-12-21 11:30:37.193root 11241100x8000000000000000535633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1ed851f30c73072021-12-21 11:30:37.193root 11241100x8000000000000000535634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a406dfa6ba6d0d2021-12-21 11:30:37.193root 11241100x8000000000000000535635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c8759c4f8314792021-12-21 11:30:37.193root 11241100x8000000000000000535636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2b1f296bdc18ab2021-12-21 11:30:37.193root 11241100x8000000000000000535637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f5c7b7f58bfc252021-12-21 11:30:37.194root 11241100x8000000000000000535638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a79845b6b4aecf72021-12-21 11:30:37.194root 11241100x8000000000000000535639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83370810f6eb950a2021-12-21 11:30:37.194root 354300x8000000000000000535640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.240{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48642-false10.0.1.12-8000- 11241100x8000000000000000535641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4261bd4a41512bc2021-12-21 11:30:37.693root 11241100x8000000000000000535642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69b67df6fa269fc2021-12-21 11:30:37.693root 11241100x8000000000000000535643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e8f5366affeb842021-12-21 11:30:37.693root 11241100x8000000000000000535644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccf2c99773661c62021-12-21 11:30:37.694root 11241100x8000000000000000535645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6daacb28c250292021-12-21 11:30:37.694root 11241100x8000000000000000535646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfd5708c41ac7182021-12-21 11:30:37.694root 11241100x8000000000000000535647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4513b109b03490ce2021-12-21 11:30:37.694root 11241100x8000000000000000535648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07700d344921bec22021-12-21 11:30:37.694root 11241100x8000000000000000535649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c301c3415e96b82021-12-21 11:30:37.694root 11241100x8000000000000000535650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ae87819e82112c2021-12-21 11:30:37.694root 11241100x8000000000000000535651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686b276d3e23509c2021-12-21 11:30:37.694root 11241100x8000000000000000535652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24954f49c2c1f2e2021-12-21 11:30:37.694root 11241100x8000000000000000535653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577dc60c053bd01f2021-12-21 11:30:37.694root 11241100x8000000000000000535654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ae8e0e6aeee18d2021-12-21 11:30:37.694root 11241100x8000000000000000535655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6694fc120186f8272021-12-21 11:30:38.193root 11241100x8000000000000000535656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df680d5ae9989b92021-12-21 11:30:38.193root 11241100x8000000000000000535657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55abccdc6e93bb852021-12-21 11:30:38.193root 11241100x8000000000000000535658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc448bf9996f96c82021-12-21 11:30:38.193root 11241100x8000000000000000535659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88198f605ed95d5b2021-12-21 11:30:38.193root 11241100x8000000000000000535660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbabc545e73c5a62021-12-21 11:30:38.193root 11241100x8000000000000000535661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ca8037caaf8002021-12-21 11:30:38.193root 11241100x8000000000000000535662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa718159b5e846912021-12-21 11:30:38.193root 11241100x8000000000000000535663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d1ff81eee96e632021-12-21 11:30:38.193root 11241100x8000000000000000535664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1894b4b3dc19efc2021-12-21 11:30:38.194root 11241100x8000000000000000535665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40881cb2ccf386e72021-12-21 11:30:38.194root 11241100x8000000000000000535666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a399aa3c9c0bc6fd2021-12-21 11:30:38.194root 11241100x8000000000000000535667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49bbad3148a9f4d2021-12-21 11:30:38.194root 11241100x8000000000000000535668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15051a6f6f2e2c062021-12-21 11:30:38.194root 11241100x8000000000000000535669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be7b1815755c5802021-12-21 11:30:38.693root 11241100x8000000000000000535670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2095dd6c1fbe192021-12-21 11:30:38.693root 11241100x8000000000000000535671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c96ecd8afda05c2021-12-21 11:30:38.693root 11241100x8000000000000000535672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6161249880aebafe2021-12-21 11:30:38.693root 11241100x8000000000000000535673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e09f0afc7fad222021-12-21 11:30:38.693root 11241100x8000000000000000535674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b63b536851fe9b2021-12-21 11:30:38.693root 11241100x8000000000000000535675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95d10d0931196262021-12-21 11:30:38.693root 11241100x8000000000000000535676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c39c74f5f5dd712021-12-21 11:30:38.693root 11241100x8000000000000000535677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e287484a7766adf2021-12-21 11:30:38.693root 11241100x8000000000000000535678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca38d54e029accda2021-12-21 11:30:38.693root 11241100x8000000000000000535679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3182c086fe5e5c52021-12-21 11:30:38.693root 11241100x8000000000000000535680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf3bf0b8c5a5fa32021-12-21 11:30:38.693root 11241100x8000000000000000535681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f6e01672bc16652021-12-21 11:30:38.693root 11241100x8000000000000000535682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616bf4532d1038a62021-12-21 11:30:38.694root 11241100x8000000000000000535683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51dad09579ea0022021-12-21 11:30:39.193root 11241100x8000000000000000535684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0e4d4900dfd9ab2021-12-21 11:30:39.193root 11241100x8000000000000000535685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2d45ff82d72c422021-12-21 11:30:39.193root 11241100x8000000000000000535686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f04c63356b9f4682021-12-21 11:30:39.193root 11241100x8000000000000000535687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1988154080cb192021-12-21 11:30:39.193root 11241100x8000000000000000535688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64237731e6d6a01f2021-12-21 11:30:39.193root 11241100x8000000000000000535689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec0c01b6b70a1632021-12-21 11:30:39.193root 11241100x8000000000000000535690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52150cb370c9bce2021-12-21 11:30:39.193root 11241100x8000000000000000535691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5b40157d262d592021-12-21 11:30:39.194root 11241100x8000000000000000535692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51453f1e2a14aa8b2021-12-21 11:30:39.194root 11241100x8000000000000000535693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f766814ab75bc882021-12-21 11:30:39.194root 11241100x8000000000000000535694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9181fc8d5b13a12e2021-12-21 11:30:39.194root 11241100x8000000000000000535695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef59595ea6b1d7722021-12-21 11:30:39.194root 11241100x8000000000000000535696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf510b66cede0092021-12-21 11:30:39.194root 23542300x8000000000000000535697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000535698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c851dc1263abebe42021-12-21 11:30:39.693root 11241100x8000000000000000535699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501c040929480d0f2021-12-21 11:30:39.693root 11241100x8000000000000000535700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bfcb790daf3d482021-12-21 11:30:39.693root 11241100x8000000000000000535701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf20d553c91d8c72021-12-21 11:30:39.693root 11241100x8000000000000000535702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966e6464cbe8d91b2021-12-21 11:30:39.693root 11241100x8000000000000000535703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c69a77d9ff1e8d2021-12-21 11:30:39.693root 11241100x8000000000000000535704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e1d6294f04b4f92021-12-21 11:30:39.693root 11241100x8000000000000000535705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6207d43ea6807052021-12-21 11:30:39.693root 11241100x8000000000000000535706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24bd10a928b02e52021-12-21 11:30:39.693root 11241100x8000000000000000535707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b11ba0e5cb6ba02021-12-21 11:30:39.694root 11241100x8000000000000000535708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71927993897438822021-12-21 11:30:39.694root 11241100x8000000000000000535709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af93f152c2661d512021-12-21 11:30:39.694root 11241100x8000000000000000535710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8649278259bf4eb02021-12-21 11:30:39.694root 11241100x8000000000000000535711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42935c75591da1382021-12-21 11:30:39.694root 11241100x8000000000000000535712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe1ce06907d237a2021-12-21 11:30:39.694root 11241100x8000000000000000535713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2355763b801d36f12021-12-21 11:30:40.193root 11241100x8000000000000000535714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557e6aa32e01001f2021-12-21 11:30:40.193root 11241100x8000000000000000535715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a223362042179632021-12-21 11:30:40.193root 11241100x8000000000000000535716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a631318133c7bf6a2021-12-21 11:30:40.193root 11241100x8000000000000000535717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adcc43dcab6c16d2021-12-21 11:30:40.193root 11241100x8000000000000000535718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b03a2a5ece61f22021-12-21 11:30:40.193root 11241100x8000000000000000535719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dbc81bec1b53692021-12-21 11:30:40.193root 11241100x8000000000000000535720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c30b1b366f1e022021-12-21 11:30:40.194root 11241100x8000000000000000535721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d5b6f455e2c2682021-12-21 11:30:40.194root 11241100x8000000000000000535722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3deb73121678fa42021-12-21 11:30:40.194root 11241100x8000000000000000535723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1f49d259b5ef5f2021-12-21 11:30:40.194root 11241100x8000000000000000535724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ed861f2052a7aa2021-12-21 11:30:40.194root 11241100x8000000000000000535725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f4b9d6ec1491b22021-12-21 11:30:40.194root 11241100x8000000000000000535726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067d209291a29eb52021-12-21 11:30:40.194root 11241100x8000000000000000535727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f53560acd4a55922021-12-21 11:30:40.194root 11241100x8000000000000000535728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d252050d6a01322021-12-21 11:30:40.693root 11241100x8000000000000000535729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c21b29c29c515a2021-12-21 11:30:40.693root 11241100x8000000000000000535730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b684cc584050bf0e2021-12-21 11:30:40.694root 11241100x8000000000000000535731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdcf26e0745d5822021-12-21 11:30:40.694root 11241100x8000000000000000535732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9579b5979caa45652021-12-21 11:30:40.694root 11241100x8000000000000000535733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b91be95334610f2021-12-21 11:30:40.694root 11241100x8000000000000000535734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7543100d3fbbcee02021-12-21 11:30:40.695root 11241100x8000000000000000535735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921728878ba0620a2021-12-21 11:30:40.695root 11241100x8000000000000000535736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47652b37ffdd4bea2021-12-21 11:30:40.695root 11241100x8000000000000000535737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7eb819ca28781c2021-12-21 11:30:40.695root 11241100x8000000000000000535738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db45188551d5c8882021-12-21 11:30:40.695root 11241100x8000000000000000535739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d71f95f9013e672021-12-21 11:30:40.696root 11241100x8000000000000000535740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97979b29dbf7d6022021-12-21 11:30:40.696root 11241100x8000000000000000535741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45db0571c8fd0262021-12-21 11:30:40.696root 11241100x8000000000000000535742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dff14768eaae992021-12-21 11:30:40.696root 11241100x8000000000000000535743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119bf18a9a52900e2021-12-21 11:30:41.193root 11241100x8000000000000000535744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8319052fabc457352021-12-21 11:30:41.193root 11241100x8000000000000000535745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e752600795a5af42021-12-21 11:30:41.193root 11241100x8000000000000000535746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46afc5860c2bcc512021-12-21 11:30:41.193root 11241100x8000000000000000535747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52daee43686af0d92021-12-21 11:30:41.193root 11241100x8000000000000000535748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c71268f9ee31f2b2021-12-21 11:30:41.193root 11241100x8000000000000000535749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f287b479306592f82021-12-21 11:30:41.194root 11241100x8000000000000000535750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3bbd3e9e1f8c7b2021-12-21 11:30:41.194root 11241100x8000000000000000535751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe60c924a2685c82021-12-21 11:30:41.194root 11241100x8000000000000000535752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b77b9bf75a7c0622021-12-21 11:30:41.194root 11241100x8000000000000000535753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900a746c2ac617632021-12-21 11:30:41.194root 11241100x8000000000000000535754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8c9545634de2a02021-12-21 11:30:41.194root 11241100x8000000000000000535755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7c5785ba28cb282021-12-21 11:30:41.194root 11241100x8000000000000000535756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9773f3d29a5269ad2021-12-21 11:30:41.194root 11241100x8000000000000000535757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b42c8b700995a22021-12-21 11:30:41.194root 11241100x8000000000000000535758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4555ad0a3388e7f72021-12-21 11:30:41.693root 11241100x8000000000000000535759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f898e97b73933d652021-12-21 11:30:41.693root 11241100x8000000000000000535760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cad658e667b86f2021-12-21 11:30:41.693root 11241100x8000000000000000535761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464fb4990a3c93832021-12-21 11:30:41.693root 11241100x8000000000000000535762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbf18bcd73d14562021-12-21 11:30:41.693root 11241100x8000000000000000535763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc959ad27586f392021-12-21 11:30:41.693root 11241100x8000000000000000535764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55483b62ca0d84f42021-12-21 11:30:41.693root 11241100x8000000000000000535765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c4b82a35d29142021-12-21 11:30:41.693root 11241100x8000000000000000535766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df22a2b65c56d5a2021-12-21 11:30:41.694root 11241100x8000000000000000535767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cb3cf40b73bd482021-12-21 11:30:41.694root 11241100x8000000000000000535768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f17ee66040d4382021-12-21 11:30:41.694root 11241100x8000000000000000535769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae350eecab0bdf02021-12-21 11:30:41.694root 11241100x8000000000000000535770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a92f3a65228ae9a2021-12-21 11:30:41.694root 11241100x8000000000000000535771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35f98463914e7012021-12-21 11:30:41.694root 11241100x8000000000000000535772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585221a1a0345a292021-12-21 11:30:41.694root 11241100x8000000000000000535773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20d310153300d042021-12-21 11:30:42.193root 11241100x8000000000000000535774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3ef391f4a672362021-12-21 11:30:42.193root 11241100x8000000000000000535775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fdb6dce5cc41c12021-12-21 11:30:42.193root 11241100x8000000000000000535776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c45c1546a9340d2021-12-21 11:30:42.193root 11241100x8000000000000000535777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2485e8a14595aaf2021-12-21 11:30:42.193root 11241100x8000000000000000535778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abac2523d6d84bb2021-12-21 11:30:42.193root 11241100x8000000000000000535779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a75b43448ba05402021-12-21 11:30:42.193root 11241100x8000000000000000535780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069369dccb4114152021-12-21 11:30:42.194root 11241100x8000000000000000535781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e7aa08e02162de2021-12-21 11:30:42.194root 11241100x8000000000000000535782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481b413486408562021-12-21 11:30:42.194root 11241100x8000000000000000535783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b793eeff16c3232021-12-21 11:30:42.194root 11241100x8000000000000000535784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bc3d44e62219a62021-12-21 11:30:42.194root 11241100x8000000000000000535785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029f94edbf7c9a2b2021-12-21 11:30:42.194root 11241100x8000000000000000535786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475064335e9fa70a2021-12-21 11:30:42.194root 11241100x8000000000000000535787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e568b01916cffa412021-12-21 11:30:42.194root 11241100x8000000000000000535788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6506a510a91e26142021-12-21 11:30:42.692root 11241100x8000000000000000535789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e5d42fa6af206d2021-12-21 11:30:42.693root 11241100x8000000000000000535790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a66be46db73859f2021-12-21 11:30:42.693root 11241100x8000000000000000535791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6cb9e42bdcd5492021-12-21 11:30:42.693root 11241100x8000000000000000535792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb10744afeddb6462021-12-21 11:30:42.693root 11241100x8000000000000000535793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da4b7d76b6db5cc2021-12-21 11:30:42.693root 11241100x8000000000000000535794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38049f97a8988bfd2021-12-21 11:30:42.693root 11241100x8000000000000000535795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c804c6c273e9de0c2021-12-21 11:30:42.693root 11241100x8000000000000000535796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704aaca675facf3a2021-12-21 11:30:42.693root 11241100x8000000000000000535797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c6e730b5e637f62021-12-21 11:30:42.693root 11241100x8000000000000000535798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0ce52ee6bfed442021-12-21 11:30:42.693root 11241100x8000000000000000535799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43cba078b2eeba12021-12-21 11:30:42.693root 11241100x8000000000000000535800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03830159951d79bd2021-12-21 11:30:42.693root 11241100x8000000000000000535801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b40458d7b397ce2021-12-21 11:30:42.694root 11241100x8000000000000000535802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c112d5bcb877c2e2021-12-21 11:30:42.694root 354300x8000000000000000535803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48644-false10.0.1.12-8000- 11241100x8000000000000000535804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd993cd85a5d48a2021-12-21 11:30:43.100root 11241100x8000000000000000535805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f508c8185a906d372021-12-21 11:30:43.100root 11241100x8000000000000000535806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c929565aba4594872021-12-21 11:30:43.100root 11241100x8000000000000000535807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4add36f1d0adf0a82021-12-21 11:30:43.101root 11241100x8000000000000000535808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a15937f8a0ffca2021-12-21 11:30:43.101root 11241100x8000000000000000535809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06274b089d0b4e892021-12-21 11:30:43.101root 11241100x8000000000000000535810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84037dde90b89052021-12-21 11:30:43.101root 11241100x8000000000000000535811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77b10ff9101997f2021-12-21 11:30:43.101root 11241100x8000000000000000535812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956edbc050514d352021-12-21 11:30:43.101root 11241100x8000000000000000535813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abe18c6cd66f4ff2021-12-21 11:30:43.101root 11241100x8000000000000000535814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd5e195f2eef4802021-12-21 11:30:43.101root 11241100x8000000000000000535815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc467ba6fc8e682021-12-21 11:30:43.101root 11241100x8000000000000000535816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c74ab01ba7154472021-12-21 11:30:43.101root 11241100x8000000000000000535817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cddc0c34b984dbc2021-12-21 11:30:43.101root 11241100x8000000000000000535818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8ad8fdb6dc40282021-12-21 11:30:43.101root 11241100x8000000000000000535819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.102{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95572194ccfeb1f2021-12-21 11:30:43.102root 11241100x8000000000000000535820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb0d0ed8b19a42f2021-12-21 11:30:43.443root 11241100x8000000000000000535821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9938feec42d70c9c2021-12-21 11:30:43.443root 11241100x8000000000000000535822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612118a60263c6992021-12-21 11:30:43.443root 11241100x8000000000000000535823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa7c090cd2217392021-12-21 11:30:43.443root 11241100x8000000000000000535824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb231bd61b6c7602021-12-21 11:30:43.443root 11241100x8000000000000000535825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a19d5881a804502021-12-21 11:30:43.443root 11241100x8000000000000000535826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74d0a0748a30a812021-12-21 11:30:43.443root 11241100x8000000000000000535827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536bccc7c8738bff2021-12-21 11:30:43.444root 11241100x8000000000000000535828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617a39175cc3d942021-12-21 11:30:43.444root 11241100x8000000000000000535829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc030858335a6ece2021-12-21 11:30:43.444root 11241100x8000000000000000535830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c5af6a3da8df0e2021-12-21 11:30:43.444root 11241100x8000000000000000535831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1478c4c5691bb402021-12-21 11:30:43.444root 11241100x8000000000000000535832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7121e49320e75b002021-12-21 11:30:43.444root 11241100x8000000000000000535833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbcb854188b18e02021-12-21 11:30:43.444root 11241100x8000000000000000535834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a54b43cedff009b2021-12-21 11:30:43.444root 11241100x8000000000000000535835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d03ff522d3fe182021-12-21 11:30:43.444root 11241100x8000000000000000535836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff939420735aa9a2021-12-21 11:30:43.943root 11241100x8000000000000000535837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8459f60ec79779b82021-12-21 11:30:43.943root 11241100x8000000000000000535838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9addc8e588ee3982021-12-21 11:30:43.943root 11241100x8000000000000000535839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e8199e300b6462021-12-21 11:30:43.943root 11241100x8000000000000000535840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bf64e49f8639c42021-12-21 11:30:43.943root 11241100x8000000000000000535841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed80ba8248e570b2021-12-21 11:30:43.943root 11241100x8000000000000000535842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2151100df4a5bcc42021-12-21 11:30:43.943root 11241100x8000000000000000535843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbbf0e57b1aea2c2021-12-21 11:30:43.943root 11241100x8000000000000000535844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22205c9ea5ed97e02021-12-21 11:30:43.943root 11241100x8000000000000000535845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd7a80c18df47162021-12-21 11:30:43.943root 11241100x8000000000000000535846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e52713d9d4d4262021-12-21 11:30:43.943root 11241100x8000000000000000535847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd8752d72353b3d2021-12-21 11:30:43.943root 11241100x8000000000000000535848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bbf2955ae3ee762021-12-21 11:30:43.943root 11241100x8000000000000000535849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b807d8d97e90d82021-12-21 11:30:43.944root 11241100x8000000000000000535850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42c313c286317b42021-12-21 11:30:43.944root 11241100x8000000000000000535851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce510e89c6754722021-12-21 11:30:43.944root 11241100x8000000000000000535852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19238af40220a8ad2021-12-21 11:30:44.443root 11241100x8000000000000000535853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f6388095dd89452021-12-21 11:30:44.443root 11241100x8000000000000000535854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ece56e8b1060752021-12-21 11:30:44.444root 11241100x8000000000000000535855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d467927ed99e4e92021-12-21 11:30:44.444root 11241100x8000000000000000535856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97102fa589a7dbb2021-12-21 11:30:44.444root 11241100x8000000000000000535857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59da4b110ba8e1782021-12-21 11:30:44.444root 11241100x8000000000000000535858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec0a034a86303fd2021-12-21 11:30:44.444root 11241100x8000000000000000535859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad3bc3fde9ccbd02021-12-21 11:30:44.444root 11241100x8000000000000000535860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8f6214ba62fb6c2021-12-21 11:30:44.444root 11241100x8000000000000000535861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899ffc67e4ff1562021-12-21 11:30:44.444root 11241100x8000000000000000535862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e1093665e5310f2021-12-21 11:30:44.445root 11241100x8000000000000000535863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffb982d40f2e57d2021-12-21 11:30:44.445root 11241100x8000000000000000535864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7176b7c1e441537e2021-12-21 11:30:44.445root 11241100x8000000000000000535865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123bd68ec61f3d6c2021-12-21 11:30:44.445root 11241100x8000000000000000535866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41574815fe145a942021-12-21 11:30:44.445root 11241100x8000000000000000535867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3709185c3c8377622021-12-21 11:30:44.445root 11241100x8000000000000000535868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f970775ce4de2902021-12-21 11:30:44.942root 11241100x8000000000000000535869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd2be26ebaf69792021-12-21 11:30:44.943root 11241100x8000000000000000535870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d6186645fa94102021-12-21 11:30:44.943root 11241100x8000000000000000535871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dde062219941a92021-12-21 11:30:44.943root 11241100x8000000000000000535872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e19ea25ad135aad2021-12-21 11:30:44.943root 11241100x8000000000000000535873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab8ce0e9941e7f42021-12-21 11:30:44.943root 11241100x8000000000000000535874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361cc718b1fb2c892021-12-21 11:30:44.943root 11241100x8000000000000000535875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786915f332030d4c2021-12-21 11:30:44.943root 11241100x8000000000000000535876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a030aea0fb88512021-12-21 11:30:44.943root 11241100x8000000000000000535877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be82f7173e008302021-12-21 11:30:44.943root 11241100x8000000000000000535878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c8bb9f9618811d2021-12-21 11:30:44.943root 11241100x8000000000000000535879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fc8088c3933cb2021-12-21 11:30:44.944root 11241100x8000000000000000535880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de84f8e2f04058fa2021-12-21 11:30:44.944root 11241100x8000000000000000535881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba27a80fad7934c2021-12-21 11:30:44.944root 11241100x8000000000000000535882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c616f5e85824172b2021-12-21 11:30:44.944root 11241100x8000000000000000535883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ebbf8ade4477f72021-12-21 11:30:44.944root 11241100x8000000000000000535884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629fe7093b0eec92021-12-21 11:30:45.443root 11241100x8000000000000000535885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a979c423b440792021-12-21 11:30:45.443root 11241100x8000000000000000535886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5072a05ec608d36c2021-12-21 11:30:45.443root 11241100x8000000000000000535887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae166297d9ef6612021-12-21 11:30:45.443root 11241100x8000000000000000535888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eab753555d3ab4c2021-12-21 11:30:45.443root 11241100x8000000000000000535889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ea17c0998715f12021-12-21 11:30:45.443root 11241100x8000000000000000535890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e628e5599c04f2021-12-21 11:30:45.443root 11241100x8000000000000000535891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39a6c696d8b585b2021-12-21 11:30:45.444root 11241100x8000000000000000535892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af58a386a2f70ce2021-12-21 11:30:45.444root 11241100x8000000000000000535893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4540ea465eba72cb2021-12-21 11:30:45.444root 11241100x8000000000000000535894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f23ba143159602021-12-21 11:30:45.444root 11241100x8000000000000000535895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a081abfcf4bca72a2021-12-21 11:30:45.444root 11241100x8000000000000000535896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a287aed2c804942021-12-21 11:30:45.444root 11241100x8000000000000000535897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1531614a7454b0b12021-12-21 11:30:45.444root 11241100x8000000000000000535898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269661e6b8518bb22021-12-21 11:30:45.444root 11241100x8000000000000000535899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7a1635711007342021-12-21 11:30:45.444root 11241100x8000000000000000535900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f041873f5d850942021-12-21 11:30:45.943root 11241100x8000000000000000535901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec047ac4eec9a82021-12-21 11:30:45.943root 11241100x8000000000000000535902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63512f75574658a2021-12-21 11:30:45.943root 11241100x8000000000000000535903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020f4b0e76c323fd2021-12-21 11:30:45.943root 11241100x8000000000000000535904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69905534631c4c052021-12-21 11:30:45.943root 11241100x8000000000000000535905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2af966883415742021-12-21 11:30:45.943root 11241100x8000000000000000535906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0040e3902bfa7002021-12-21 11:30:45.944root 11241100x8000000000000000535907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71808b3540bad7a32021-12-21 11:30:45.944root 11241100x8000000000000000535908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18ca03396cf6aa52021-12-21 11:30:45.944root 11241100x8000000000000000535909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14353cb0f5f83c202021-12-21 11:30:45.944root 11241100x8000000000000000535910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d290a5f99d96c52021-12-21 11:30:45.944root 11241100x8000000000000000535911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d816ffb40b29690e2021-12-21 11:30:45.944root 11241100x8000000000000000535912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd177ab46bcf9e2021-12-21 11:30:45.944root 11241100x8000000000000000535913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de7a185f9f71d212021-12-21 11:30:45.944root 11241100x8000000000000000535914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bfebcc51eba8ca2021-12-21 11:30:45.944root 11241100x8000000000000000535915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b4b5dba041cdef2021-12-21 11:30:45.944root 11241100x8000000000000000535916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9cdae84c42be32021-12-21 11:30:46.443root 11241100x8000000000000000535917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c54da7df4c7cb082021-12-21 11:30:46.443root 11241100x8000000000000000535918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910be03e6351ecf32021-12-21 11:30:46.443root 11241100x8000000000000000535919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72e30d31e38ce762021-12-21 11:30:46.443root 11241100x8000000000000000535920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838069dbdaeecd7c2021-12-21 11:30:46.443root 11241100x8000000000000000535921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9ebd5cc4802ba2021-12-21 11:30:46.443root 11241100x8000000000000000535922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de691b8a6579df5c2021-12-21 11:30:46.444root 11241100x8000000000000000535923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b928412ed3d8cdb82021-12-21 11:30:46.444root 11241100x8000000000000000535924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41a26f09b3db4472021-12-21 11:30:46.444root 11241100x8000000000000000535925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd0560dd50519c52021-12-21 11:30:46.444root 11241100x8000000000000000535926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cfefd505a46d192021-12-21 11:30:46.444root 11241100x8000000000000000535927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f34374f7f5d47952021-12-21 11:30:46.444root 11241100x8000000000000000535928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd71090f3775589a2021-12-21 11:30:46.444root 11241100x8000000000000000535929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24519dfdf52e7922021-12-21 11:30:46.444root 11241100x8000000000000000535930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea15ad95ebebff2021-12-21 11:30:46.444root 11241100x8000000000000000535931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d89f66d86db1fd32021-12-21 11:30:46.444root 11241100x8000000000000000535932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd6dc63694b0bb2021-12-21 11:30:46.943root 11241100x8000000000000000535933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5ea9c4a36ddf842021-12-21 11:30:46.943root 11241100x8000000000000000535934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f17b544572a222021-12-21 11:30:46.943root 11241100x8000000000000000535935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c316a6ab067257c2021-12-21 11:30:46.943root 11241100x8000000000000000535936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cf7f28f917e8132021-12-21 11:30:46.943root 11241100x8000000000000000535937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6175a7bc06730e9b2021-12-21 11:30:46.943root 11241100x8000000000000000535938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdc3765535ef0b52021-12-21 11:30:46.944root 11241100x8000000000000000535939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e263635e0ff01792021-12-21 11:30:46.944root 11241100x8000000000000000535940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b735d588071002021-12-21 11:30:46.944root 11241100x8000000000000000535941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae13378c91ff49662021-12-21 11:30:46.944root 11241100x8000000000000000535942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd6fa55d74bd3862021-12-21 11:30:46.944root 11241100x8000000000000000535943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8279a0fdfd56d32021-12-21 11:30:46.944root 11241100x8000000000000000535944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf97c95a1f1d8992021-12-21 11:30:46.944root 11241100x8000000000000000535945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ca512923d9d9ef2021-12-21 11:30:46.944root 11241100x8000000000000000535946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb11729f83705a2021-12-21 11:30:46.944root 11241100x8000000000000000535947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a108f99a1483d7492021-12-21 11:30:46.944root 11241100x8000000000000000535948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428b1b152a1e43fb2021-12-21 11:30:47.443root 11241100x8000000000000000535949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99e4b6ceb7f573f2021-12-21 11:30:47.443root 11241100x8000000000000000535950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61567370540fa0122021-12-21 11:30:47.443root 11241100x8000000000000000535951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619038db35f9eefc2021-12-21 11:30:47.443root 11241100x8000000000000000535952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e87906bc76f3b2021-12-21 11:30:47.443root 11241100x8000000000000000535953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28490d0a5b37b3472021-12-21 11:30:47.443root 11241100x8000000000000000535954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77ce0625e58f2b32021-12-21 11:30:47.444root 11241100x8000000000000000535955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be8fcc77f2060072021-12-21 11:30:47.444root 11241100x8000000000000000535956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572242e84d4edac92021-12-21 11:30:47.444root 11241100x8000000000000000535957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d547e26cc1a6b27b2021-12-21 11:30:47.444root 11241100x8000000000000000535958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8619911341eb10662021-12-21 11:30:47.444root 11241100x8000000000000000535959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17ffe0fb87e8a3d2021-12-21 11:30:47.444root 11241100x8000000000000000535960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c80c0f18cbbac752021-12-21 11:30:47.444root 11241100x8000000000000000535961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27240c2bb6968b992021-12-21 11:30:47.444root 11241100x8000000000000000535962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1ebac1d399e96c2021-12-21 11:30:47.444root 11241100x8000000000000000535963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3451a2c738b3f66c2021-12-21 11:30:47.444root 11241100x8000000000000000535964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eada5b6a96693c2021-12-21 11:30:47.944root 11241100x8000000000000000535965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082d05d0a1fdc262021-12-21 11:30:47.944root 11241100x8000000000000000535966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d353fa8033078522021-12-21 11:30:47.944root 11241100x8000000000000000535967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa7af6359e40f652021-12-21 11:30:47.944root 11241100x8000000000000000535968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf422e890e756f62021-12-21 11:30:47.944root 11241100x8000000000000000535969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a36e247fa4cae0a2021-12-21 11:30:47.944root 11241100x8000000000000000535970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe84fcfd44a00852021-12-21 11:30:47.944root 11241100x8000000000000000535971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49426202e7da719f2021-12-21 11:30:47.944root 11241100x8000000000000000535972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35fa8d4034e99db2021-12-21 11:30:47.944root 11241100x8000000000000000535973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724592c659e4e8162021-12-21 11:30:47.945root 11241100x8000000000000000535974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2460dff2234fd01c2021-12-21 11:30:47.945root 11241100x8000000000000000535975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633db05125dcdbf2021-12-21 11:30:47.945root 11241100x8000000000000000535976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7506110c8be4b3b2021-12-21 11:30:47.945root 11241100x8000000000000000535977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97ee550fb66a39f2021-12-21 11:30:47.945root 11241100x8000000000000000535978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e65b6e656dcccd52021-12-21 11:30:47.945root 11241100x8000000000000000535979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bb0874c66686ab2021-12-21 11:30:47.945root 11241100x8000000000000000535980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869d676e42e15f592021-12-21 11:30:48.443root 11241100x8000000000000000535981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1db8e398085edb2021-12-21 11:30:48.443root 11241100x8000000000000000535982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7edd6e0e88693462021-12-21 11:30:48.443root 11241100x8000000000000000535983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fde869a77c7d5b2021-12-21 11:30:48.443root 11241100x8000000000000000535984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8fe96d0bc3b3b42021-12-21 11:30:48.443root 11241100x8000000000000000535985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea8ed4465e8b06e2021-12-21 11:30:48.444root 11241100x8000000000000000535986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46926696ed2e4b692021-12-21 11:30:48.444root 11241100x8000000000000000535987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b64bb0c10432f92021-12-21 11:30:48.444root 11241100x8000000000000000535988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317d425ab7ba7f622021-12-21 11:30:48.444root 11241100x8000000000000000535989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb29df325aac1e52021-12-21 11:30:48.444root 11241100x8000000000000000535990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a396d09a2750eef12021-12-21 11:30:48.444root 11241100x8000000000000000535991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a4b39b458f7df62021-12-21 11:30:48.444root 11241100x8000000000000000535992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad86b536a5386392021-12-21 11:30:48.444root 11241100x8000000000000000535993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb66bc757147ff6a2021-12-21 11:30:48.444root 11241100x8000000000000000535994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d19229fb4d7adb42021-12-21 11:30:48.444root 11241100x8000000000000000535995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5975e0e913a933a72021-12-21 11:30:48.444root 11241100x8000000000000000535996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9621fd6d0ed160b92021-12-21 11:30:48.943root 11241100x8000000000000000535997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f526150fdb6d7d2021-12-21 11:30:48.943root 11241100x8000000000000000535998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509c745219971cf12021-12-21 11:30:48.943root 11241100x8000000000000000535999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dca9762c8878612021-12-21 11:30:48.943root 11241100x8000000000000000536000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35063ffeba12d832021-12-21 11:30:48.943root 11241100x8000000000000000536001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aea8f9bd087ca12021-12-21 11:30:48.943root 11241100x8000000000000000536002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08645d500b4b85ec2021-12-21 11:30:48.944root 11241100x8000000000000000536003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e72d1f4cc9b3012021-12-21 11:30:48.944root 11241100x8000000000000000536004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca1b49b9b6f1b92021-12-21 11:30:48.944root 11241100x8000000000000000536005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be73a56f0a067642021-12-21 11:30:48.944root 11241100x8000000000000000536006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0c2d5a11bf5c152021-12-21 11:30:48.944root 11241100x8000000000000000536007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c342f952c9bee52021-12-21 11:30:48.944root 11241100x8000000000000000536008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eca7a0f81fc8ac32021-12-21 11:30:48.944root 11241100x8000000000000000536009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d684727cd640752c2021-12-21 11:30:48.944root 11241100x8000000000000000536010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3006dd528187adeb2021-12-21 11:30:48.944root 11241100x8000000000000000536011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099d6767ec28517a2021-12-21 11:30:48.944root 354300x8000000000000000536012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.014{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48646-false10.0.1.12-8000- 11241100x8000000000000000536013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d38a2d09c7cf02021-12-21 11:30:49.443root 11241100x8000000000000000536014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbcbc7de6b42b6e2021-12-21 11:30:49.443root 11241100x8000000000000000536015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b461e3481cbae22021-12-21 11:30:49.443root 11241100x8000000000000000536016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a780f6960748e50e2021-12-21 11:30:49.443root 11241100x8000000000000000536017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4023444288a151632021-12-21 11:30:49.443root 11241100x8000000000000000536018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da81619ebe04e32021-12-21 11:30:49.444root 11241100x8000000000000000536019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc7de2d88970732021-12-21 11:30:49.444root 11241100x8000000000000000536020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4f0dd99200201e2021-12-21 11:30:49.444root 11241100x8000000000000000536021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3299b156c85250a2021-12-21 11:30:49.444root 11241100x8000000000000000536022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272e2963547b05ee2021-12-21 11:30:49.444root 11241100x8000000000000000536023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d941880acf3e142021-12-21 11:30:49.444root 11241100x8000000000000000536024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2910a0f983a3565a2021-12-21 11:30:49.444root 11241100x8000000000000000536025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ff1bf88b08aa612021-12-21 11:30:49.444root 11241100x8000000000000000536026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81d898ae2afde392021-12-21 11:30:49.444root 11241100x8000000000000000536027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2fff18729c9beb2021-12-21 11:30:49.444root 11241100x8000000000000000536028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff7d5516b6c69632021-12-21 11:30:49.444root 11241100x8000000000000000536029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef14fc76762df462021-12-21 11:30:49.444root 11241100x8000000000000000536030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8e6845695475c72021-12-21 11:30:49.943root 11241100x8000000000000000536031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395380622cd7a4a32021-12-21 11:30:49.943root 11241100x8000000000000000536032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502239a45f62b2d82021-12-21 11:30:49.943root 11241100x8000000000000000536033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdcbe0f61bd78b52021-12-21 11:30:49.943root 11241100x8000000000000000536034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d9b04a98be4f7c2021-12-21 11:30:49.943root 11241100x8000000000000000536035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ea93dae814b2ec2021-12-21 11:30:49.944root 11241100x8000000000000000536036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4765679aac8410502021-12-21 11:30:49.944root 11241100x8000000000000000536037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a36fc663b7da092021-12-21 11:30:49.944root 11241100x8000000000000000536038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15f7576f0b8dff2021-12-21 11:30:49.944root 11241100x8000000000000000536039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a008a1cbd27b6cf32021-12-21 11:30:49.944root 11241100x8000000000000000536040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3710d6b9742561242021-12-21 11:30:49.944root 11241100x8000000000000000536041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8523bb3fa27c8d5d2021-12-21 11:30:49.944root 11241100x8000000000000000536042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef070c072c1d14172021-12-21 11:30:49.944root 11241100x8000000000000000536043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d12d227da4e97402021-12-21 11:30:49.944root 11241100x8000000000000000536044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d97566fafee0402021-12-21 11:30:49.944root 11241100x8000000000000000536045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bede1550851c5212021-12-21 11:30:49.944root 11241100x8000000000000000536046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cba7396038152b2021-12-21 11:30:49.944root 11241100x8000000000000000536047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6480353b2776ebc2021-12-21 11:30:50.443root 11241100x8000000000000000536048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a4f6a96726fcec2021-12-21 11:30:50.443root 11241100x8000000000000000536049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedd17086ce546612021-12-21 11:30:50.443root 11241100x8000000000000000536050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2cc925397161bf2021-12-21 11:30:50.443root 11241100x8000000000000000536051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe71afa7f475ce642021-12-21 11:30:50.444root 11241100x8000000000000000536052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5544776db698e26b2021-12-21 11:30:50.444root 11241100x8000000000000000536053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c90856125f578e2021-12-21 11:30:50.444root 11241100x8000000000000000536054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f44f28755a21d32021-12-21 11:30:50.444root 11241100x8000000000000000536055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab50905c82867c122021-12-21 11:30:50.444root 11241100x8000000000000000536056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ff764af9e8c99a2021-12-21 11:30:50.444root 11241100x8000000000000000536057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cb6efeb28926372021-12-21 11:30:50.444root 11241100x8000000000000000536058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a8d4d4865ed1e82021-12-21 11:30:50.444root 11241100x8000000000000000536059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbbaf48ab68f32d2021-12-21 11:30:50.444root 11241100x8000000000000000536060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d112347b17235162021-12-21 11:30:50.444root 11241100x8000000000000000536061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd33e882356ed592021-12-21 11:30:50.444root 11241100x8000000000000000536062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752fc81dd4b62252021-12-21 11:30:50.445root 11241100x8000000000000000536063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b03e4ca01b8eefe2021-12-21 11:30:50.445root 11241100x8000000000000000536064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a21bb86c81f69f2021-12-21 11:30:50.943root 11241100x8000000000000000536065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c555cd7a467adc7e2021-12-21 11:30:50.943root 11241100x8000000000000000536066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c262c863357fd5c62021-12-21 11:30:50.943root 11241100x8000000000000000536067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a009de2639b355172021-12-21 11:30:50.943root 11241100x8000000000000000536068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ec3ca7c9b04dc02021-12-21 11:30:50.944root 11241100x8000000000000000536069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88c97a59fab16a22021-12-21 11:30:50.944root 11241100x8000000000000000536070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38794693b10f71a92021-12-21 11:30:50.944root 11241100x8000000000000000536071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427d1b5becce5b492021-12-21 11:30:50.944root 11241100x8000000000000000536072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd437a744679517e2021-12-21 11:30:50.944root 11241100x8000000000000000536073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd7903ed7189a72021-12-21 11:30:50.944root 11241100x8000000000000000536074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7414227575b202642021-12-21 11:30:50.944root 11241100x8000000000000000536075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f469645b2624a82021-12-21 11:30:50.944root 11241100x8000000000000000536076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c909d1421e484ec2021-12-21 11:30:50.944root 11241100x8000000000000000536077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f9ce48bd056a432021-12-21 11:30:50.944root 11241100x8000000000000000536078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdbb42831be49792021-12-21 11:30:50.944root 11241100x8000000000000000536079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086231d8177eb3d2021-12-21 11:30:50.944root 11241100x8000000000000000536080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14af8eb4b272d7d72021-12-21 11:30:50.944root 11241100x8000000000000000536081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5a9ac7a55ab0c72021-12-21 11:30:51.443root 11241100x8000000000000000536082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3905e7efcc2ef782021-12-21 11:30:51.443root 11241100x8000000000000000536083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c212008c7d84ca542021-12-21 11:30:51.443root 11241100x8000000000000000536084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5915925b0b1be3882021-12-21 11:30:51.443root 11241100x8000000000000000536085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e26c6294cefc912021-12-21 11:30:51.444root 11241100x8000000000000000536086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1befb29ab9b54f2021-12-21 11:30:51.444root 11241100x8000000000000000536087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587a6c99343694182021-12-21 11:30:51.444root 11241100x8000000000000000536088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704f8bf11538ed2d2021-12-21 11:30:51.444root 11241100x8000000000000000536089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd6415446a37b302021-12-21 11:30:51.444root 11241100x8000000000000000536090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312111e93bdefcde2021-12-21 11:30:51.444root 11241100x8000000000000000536091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5089904c1da3bc5d2021-12-21 11:30:51.444root 11241100x8000000000000000536092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f425fc0a556300e92021-12-21 11:30:51.444root 11241100x8000000000000000536093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78543ec57fcad57a2021-12-21 11:30:51.444root 11241100x8000000000000000536094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b5d2c30ec919d82021-12-21 11:30:51.444root 11241100x8000000000000000536095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73169544d8cbd0d2021-12-21 11:30:51.444root 11241100x8000000000000000536096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c163347e51a857992021-12-21 11:30:51.445root 11241100x8000000000000000536097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aa4cccb7fb037c2021-12-21 11:30:51.445root 11241100x8000000000000000536098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2907cfd7f37b02021-12-21 11:30:51.943root 11241100x8000000000000000536099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ef964d75bc7fdc2021-12-21 11:30:51.943root 11241100x8000000000000000536100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ecf55b264fa6bc2021-12-21 11:30:51.943root 11241100x8000000000000000536101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a0af390355d60c2021-12-21 11:30:51.943root 11241100x8000000000000000536102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abd66b867fb082d2021-12-21 11:30:51.943root 11241100x8000000000000000536103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65567ddb0fe2443d2021-12-21 11:30:51.944root 11241100x8000000000000000536104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05867b820302086a2021-12-21 11:30:51.944root 11241100x8000000000000000536105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c06dc00ef60d1b2021-12-21 11:30:51.944root 11241100x8000000000000000536106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b469df0ab3f3022021-12-21 11:30:51.944root 11241100x8000000000000000536107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf22aca28ead6622021-12-21 11:30:51.944root 11241100x8000000000000000536108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1782d5fe38ab9fd42021-12-21 11:30:51.944root 11241100x8000000000000000536109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed7a3089add310a2021-12-21 11:30:51.944root 11241100x8000000000000000536110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fff2c4744622b62021-12-21 11:30:51.944root 11241100x8000000000000000536111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6f5cc5adc2dadd2021-12-21 11:30:51.944root 11241100x8000000000000000536112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d6fd52ae0a7692021-12-21 11:30:51.944root 11241100x8000000000000000536113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7dbf7f7e847722021-12-21 11:30:51.944root 11241100x8000000000000000536114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e8c4d94124b2412021-12-21 11:30:51.944root 11241100x8000000000000000536115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c267927ae673ac192021-12-21 11:30:52.443root 11241100x8000000000000000536116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01843d113c2c20642021-12-21 11:30:52.443root 11241100x8000000000000000536117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b6425953ded1f02021-12-21 11:30:52.443root 11241100x8000000000000000536118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c235b6b7689f8e2021-12-21 11:30:52.443root 11241100x8000000000000000536119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5114e9239d6da84e2021-12-21 11:30:52.443root 11241100x8000000000000000536120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e32370648bca48b2021-12-21 11:30:52.443root 11241100x8000000000000000536121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad2a7c0aacf89aa2021-12-21 11:30:52.444root 11241100x8000000000000000536122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07a7784283df302021-12-21 11:30:52.444root 11241100x8000000000000000536123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a124982d121edb02021-12-21 11:30:52.444root 11241100x8000000000000000536124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ad19e6b2df6902021-12-21 11:30:52.444root 11241100x8000000000000000536125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7edf3e17ad8579f2021-12-21 11:30:52.444root 11241100x8000000000000000536126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf0a3f79e8f91052021-12-21 11:30:52.444root 11241100x8000000000000000536127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581ae821ecdc522d2021-12-21 11:30:52.444root 11241100x8000000000000000536128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1655a4fe8f199112021-12-21 11:30:52.444root 11241100x8000000000000000536129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f19370571807d92021-12-21 11:30:52.444root 11241100x8000000000000000536130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5736bfdba9271d22021-12-21 11:30:52.444root 11241100x8000000000000000536131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d168b3e8da44c56b2021-12-21 11:30:52.444root 11241100x8000000000000000536132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a4e5780159b2e32021-12-21 11:30:52.943root 11241100x8000000000000000536133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9301d51071d31a752021-12-21 11:30:52.943root 11241100x8000000000000000536134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52d445e804926432021-12-21 11:30:52.943root 11241100x8000000000000000536135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a9b5cd53f51fb52021-12-21 11:30:52.943root 11241100x8000000000000000536136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c029b56d87b031682021-12-21 11:30:52.944root 11241100x8000000000000000536137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89bd4da89ab9ffb2021-12-21 11:30:52.944root 11241100x8000000000000000536138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdcbd59fbfa7da82021-12-21 11:30:52.944root 11241100x8000000000000000536139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315728c0773ffbcb2021-12-21 11:30:52.944root 11241100x8000000000000000536140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecf708882660a742021-12-21 11:30:52.944root 11241100x8000000000000000536141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d148451eace50e7c2021-12-21 11:30:52.944root 11241100x8000000000000000536142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0459b19159768d592021-12-21 11:30:52.944root 11241100x8000000000000000536143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd96ad4c6bde8332021-12-21 11:30:52.944root 11241100x8000000000000000536144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b94d39bb828d792021-12-21 11:30:52.944root 11241100x8000000000000000536145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb259f6a0a2ed8b2021-12-21 11:30:52.944root 11241100x8000000000000000536146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6b17007e17e5282021-12-21 11:30:52.944root 11241100x8000000000000000536147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010485996e69fa722021-12-21 11:30:52.944root 11241100x8000000000000000536148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76730dccb1d1b22021-12-21 11:30:52.944root 11241100x8000000000000000536149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8daa30c40af94f62021-12-21 11:30:53.443root 11241100x8000000000000000536150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e915cc7b13dfa92021-12-21 11:30:53.443root 11241100x8000000000000000536151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb3834a1b548072021-12-21 11:30:53.443root 11241100x8000000000000000536152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5493c3f51f7b56c2021-12-21 11:30:53.443root 11241100x8000000000000000536153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399bbc23722a7b402021-12-21 11:30:53.443root 11241100x8000000000000000536154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70866804f6602402021-12-21 11:30:53.443root 11241100x8000000000000000536155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6059d4abd0a483c2021-12-21 11:30:53.444root 11241100x8000000000000000536156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e67f08faf14152b2021-12-21 11:30:53.444root 11241100x8000000000000000536157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90100ba286a83efb2021-12-21 11:30:53.444root 11241100x8000000000000000536158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71cc037cf98cde42021-12-21 11:30:53.444root 11241100x8000000000000000536159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b0fea271d13fa42021-12-21 11:30:53.444root 11241100x8000000000000000536160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15172a41500b14922021-12-21 11:30:53.444root 11241100x8000000000000000536161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1244269f74e4b3fe2021-12-21 11:30:53.444root 11241100x8000000000000000536162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d09df4f2fa1c0172021-12-21 11:30:53.444root 11241100x8000000000000000536163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f523f800a875e862021-12-21 11:30:53.444root 11241100x8000000000000000536164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704d827827ce05852021-12-21 11:30:53.444root 11241100x8000000000000000536165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595f47ac77783922021-12-21 11:30:53.444root 11241100x8000000000000000536166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcdd4510d90be8f2021-12-21 11:30:53.943root 11241100x8000000000000000536167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e41d71ced5b3d2021-12-21 11:30:53.943root 11241100x8000000000000000536168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb210c9791ee6e402021-12-21 11:30:53.943root 11241100x8000000000000000536169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e94c5a6cb56412021-12-21 11:30:53.943root 11241100x8000000000000000536170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d467a903cf849302021-12-21 11:30:53.943root 11241100x8000000000000000536171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a750b3de228e7b42021-12-21 11:30:53.943root 11241100x8000000000000000536172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe421c10e6c04a82021-12-21 11:30:53.944root 11241100x8000000000000000536173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652386663f1239c2021-12-21 11:30:53.944root 11241100x8000000000000000536174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bc2c57b15103852021-12-21 11:30:53.944root 11241100x8000000000000000536175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9962bcd2b37f5802021-12-21 11:30:53.944root 11241100x8000000000000000536176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e96690df9d0ed302021-12-21 11:30:53.944root 11241100x8000000000000000536177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71da2086fea875e2021-12-21 11:30:53.944root 11241100x8000000000000000536178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a0f6ed5214951c2021-12-21 11:30:53.944root 11241100x8000000000000000536179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c439060296306b052021-12-21 11:30:53.944root 11241100x8000000000000000536180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431662f5f6eb44272021-12-21 11:30:53.944root 11241100x8000000000000000536181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f880431e9fcb7a92021-12-21 11:30:53.944root 11241100x8000000000000000536182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0db48a1c40ae86e2021-12-21 11:30:53.944root 354300x8000000000000000536183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.093{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48648-false10.0.1.12-8000- 11241100x8000000000000000536184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8cf6cb01944c8f2021-12-21 11:30:54.443root 11241100x8000000000000000536185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc439fe8a2647d62021-12-21 11:30:54.443root 11241100x8000000000000000536186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714a9f5ea70702632021-12-21 11:30:54.443root 11241100x8000000000000000536187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3107516e823dbf972021-12-21 11:30:54.443root 11241100x8000000000000000536188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285c2c49c43b29882021-12-21 11:30:54.444root 11241100x8000000000000000536189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1019674a50a7c22021-12-21 11:30:54.444root 11241100x8000000000000000536190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41637f20a3bb79c62021-12-21 11:30:54.444root 11241100x8000000000000000536191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4602f5e14ba89682021-12-21 11:30:54.444root 11241100x8000000000000000536192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5edb1748a8a82c82021-12-21 11:30:54.444root 11241100x8000000000000000536193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46d9a59a66f302b2021-12-21 11:30:54.444root 11241100x8000000000000000536194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392e9cdc6dc6e36f2021-12-21 11:30:54.444root 11241100x8000000000000000536195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9836b9b13948ab2021-12-21 11:30:54.444root 11241100x8000000000000000536196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ea1f692a853cd32021-12-21 11:30:54.444root 11241100x8000000000000000536197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13d513cdeaac0152021-12-21 11:30:54.444root 11241100x8000000000000000536198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083bd8010b02927f2021-12-21 11:30:54.444root 11241100x8000000000000000536199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa118dee37a019222021-12-21 11:30:54.444root 11241100x8000000000000000536200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a20361762b1bd8f2021-12-21 11:30:54.444root 11241100x8000000000000000536201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ca4446f1215002021-12-21 11:30:54.444root 11241100x8000000000000000536202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1fc472617f11102021-12-21 11:30:54.943root 11241100x8000000000000000536203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253663ea67ee98dc2021-12-21 11:30:54.943root 11241100x8000000000000000536204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c7b51e4344202b2021-12-21 11:30:54.943root 11241100x8000000000000000536205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525c8c840aaa64e92021-12-21 11:30:54.943root 11241100x8000000000000000536206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abcd8b51a1457ee2021-12-21 11:30:54.943root 11241100x8000000000000000536207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951908ce206b3e832021-12-21 11:30:54.944root 11241100x8000000000000000536208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721d802072411f2b2021-12-21 11:30:54.944root 11241100x8000000000000000536209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebc7fba3adc53252021-12-21 11:30:54.944root 11241100x8000000000000000536210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e122c574d157112021-12-21 11:30:54.944root 11241100x8000000000000000536211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767512e7d02ba23c2021-12-21 11:30:54.944root 11241100x8000000000000000536212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5bfebe6eba69092021-12-21 11:30:54.944root 11241100x8000000000000000536213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5ebeabd4bd5cc82021-12-21 11:30:54.944root 11241100x8000000000000000536214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7c50c82716eda52021-12-21 11:30:54.944root 11241100x8000000000000000536215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8db6ebf53464aae2021-12-21 11:30:54.944root 11241100x8000000000000000536216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff508aa66ca5946e2021-12-21 11:30:54.944root 11241100x8000000000000000536217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dafc05a6296bae22021-12-21 11:30:54.944root 11241100x8000000000000000536218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770c0fa533b2bad32021-12-21 11:30:54.944root 11241100x8000000000000000536219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a807220c35e71b2021-12-21 11:30:54.944root 11241100x8000000000000000536220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef174aaccc119f22021-12-21 11:30:55.443root 11241100x8000000000000000536221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a589aee0b86f806c2021-12-21 11:30:55.443root 11241100x8000000000000000536222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7bd0173d3f08e22021-12-21 11:30:55.444root 11241100x8000000000000000536223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840d7deadee5b2e12021-12-21 11:30:55.444root 11241100x8000000000000000536224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c3ad12b4a70d2d2021-12-21 11:30:55.444root 11241100x8000000000000000536225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2914a0f3b8b4ffa42021-12-21 11:30:55.444root 11241100x8000000000000000536226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8abfcb1f1c00dd2021-12-21 11:30:55.444root 11241100x8000000000000000536227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811d90306b3a921c2021-12-21 11:30:55.444root 11241100x8000000000000000536228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7587fbc9b12cb5012021-12-21 11:30:55.444root 11241100x8000000000000000536229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a83829280e0e912021-12-21 11:30:55.444root 11241100x8000000000000000536230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94289908358c4ebf2021-12-21 11:30:55.444root 11241100x8000000000000000536231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54a1e2d0a69a7b02021-12-21 11:30:55.444root 11241100x8000000000000000536232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d279f86c555c0dc2021-12-21 11:30:55.444root 11241100x8000000000000000536233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb64515c97640a822021-12-21 11:30:55.444root 11241100x8000000000000000536234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f15ae01cd6429f92021-12-21 11:30:55.444root 11241100x8000000000000000536235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18b80c507bb34512021-12-21 11:30:55.444root 11241100x8000000000000000536236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f609a762cb60fcdf2021-12-21 11:30:55.444root 11241100x8000000000000000536237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b2637f1ae032422021-12-21 11:30:55.445root 11241100x8000000000000000536238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76b21839f8ed0192021-12-21 11:30:55.943root 11241100x8000000000000000536239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa2aa3169f7dfa32021-12-21 11:30:55.943root 11241100x8000000000000000536240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c60de8dd9074552021-12-21 11:30:55.943root 11241100x8000000000000000536241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff942c8fc8e4eba02021-12-21 11:30:55.943root 11241100x8000000000000000536242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a47cd4b364e4e22021-12-21 11:30:55.943root 11241100x8000000000000000536243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a19d701fa8e9712021-12-21 11:30:55.944root 11241100x8000000000000000536244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab60eacb4960d12e2021-12-21 11:30:55.944root 11241100x8000000000000000536245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a3d434978f86c42021-12-21 11:30:55.944root 11241100x8000000000000000536246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060ec4dd5b3303592021-12-21 11:30:55.944root 11241100x8000000000000000536247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b30137fc31f232021-12-21 11:30:55.944root 11241100x8000000000000000536248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533dc745b83a4bb2021-12-21 11:30:55.944root 11241100x8000000000000000536249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd957e4ac4c7cd2021-12-21 11:30:55.944root 11241100x8000000000000000536250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28562361ab3e40a72021-12-21 11:30:55.944root 11241100x8000000000000000536251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1becc68eec066cfe2021-12-21 11:30:55.944root 11241100x8000000000000000536252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3b98ce0e9849bb2021-12-21 11:30:55.944root 11241100x8000000000000000536253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e984fecb69539b02021-12-21 11:30:55.944root 11241100x8000000000000000536254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0723b480bcf0a4082021-12-21 11:30:55.944root 11241100x8000000000000000536255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def21e8d597c4a492021-12-21 11:30:55.944root 11241100x8000000000000000536256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c5d31105d117ca2021-12-21 11:30:56.443root 11241100x8000000000000000536257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc7a55799f941a62021-12-21 11:30:56.443root 11241100x8000000000000000536258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e208df6f1037f62021-12-21 11:30:56.443root 11241100x8000000000000000536259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534004217f17126a2021-12-21 11:30:56.443root 11241100x8000000000000000536260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ae7f22446bd5252021-12-21 11:30:56.443root 11241100x8000000000000000536261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0031477867cd6d92021-12-21 11:30:56.444root 11241100x8000000000000000536262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bcec6593a1ff602021-12-21 11:30:56.444root 11241100x8000000000000000536263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb863f8c71e6632b2021-12-21 11:30:56.444root 11241100x8000000000000000536264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7004e58d658cbd152021-12-21 11:30:56.444root 11241100x8000000000000000536265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0232658a08653a5a2021-12-21 11:30:56.444root 11241100x8000000000000000536266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664de0ff7dab873f2021-12-21 11:30:56.444root 11241100x8000000000000000536267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca17947b42930762021-12-21 11:30:56.444root 11241100x8000000000000000536268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b39c2c0bd39114e2021-12-21 11:30:56.444root 11241100x8000000000000000536269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885a606072ae35b2021-12-21 11:30:56.444root 11241100x8000000000000000536270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a16118c68bef142021-12-21 11:30:56.444root 11241100x8000000000000000536271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ac385a1b10caa52021-12-21 11:30:56.444root 11241100x8000000000000000536272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523ddfb7eefeff02021-12-21 11:30:56.444root 11241100x8000000000000000536273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880d6ce3fc9eb1872021-12-21 11:30:56.444root 11241100x8000000000000000536274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e08326aebc6b22021-12-21 11:30:56.943root 11241100x8000000000000000536275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6647f61a8610f12021-12-21 11:30:56.943root 11241100x8000000000000000536276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1864f1fd239087ff2021-12-21 11:30:56.943root 11241100x8000000000000000536277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aabb056e4f9a822021-12-21 11:30:56.943root 11241100x8000000000000000536278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c042ecedc8b1da2021-12-21 11:30:56.943root 11241100x8000000000000000536279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e97b05c95b4bbff2021-12-21 11:30:56.944root 11241100x8000000000000000536280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f80b5a1547785f42021-12-21 11:30:56.944root 11241100x8000000000000000536281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11880df01b0b44db2021-12-21 11:30:56.944root 11241100x8000000000000000536282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1193ad2fcd88aa2021-12-21 11:30:56.944root 11241100x8000000000000000536283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2345fa65d85007722021-12-21 11:30:56.944root 11241100x8000000000000000536284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb07b67d307403d62021-12-21 11:30:56.944root 11241100x8000000000000000536285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5768c1b0123e24c42021-12-21 11:30:56.944root 11241100x8000000000000000536286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b358e75ead6b842021-12-21 11:30:56.944root 11241100x8000000000000000536287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6848c56463a0262021-12-21 11:30:56.944root 11241100x8000000000000000536288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbf65261867827f2021-12-21 11:30:56.944root 11241100x8000000000000000536289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf88fe245ab03f272021-12-21 11:30:56.944root 11241100x8000000000000000536290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d290dd93d188ee6a2021-12-21 11:30:56.944root 11241100x8000000000000000536291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58133d68ea8d70f2021-12-21 11:30:56.944root 11241100x8000000000000000536292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf69c3558bc4712021-12-21 11:30:57.443root 11241100x8000000000000000536293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2429ca4d9e5d26912021-12-21 11:30:57.443root 11241100x8000000000000000536294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4bd3dc0887baf22021-12-21 11:30:57.443root 11241100x8000000000000000536295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb15c0a1834839c62021-12-21 11:30:57.443root 11241100x8000000000000000536296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df18a868a9285e62021-12-21 11:30:57.443root 11241100x8000000000000000536297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3619c7e9c3969b2021-12-21 11:30:57.444root 11241100x8000000000000000536298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107547535ef0d4062021-12-21 11:30:57.444root 11241100x8000000000000000536299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66f4f6185b38dcd2021-12-21 11:30:57.444root 11241100x8000000000000000536300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd063272d570fc6d2021-12-21 11:30:57.444root 11241100x8000000000000000536301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b622d3c567c0827e2021-12-21 11:30:57.444root 11241100x8000000000000000536302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3b7eb9266609312021-12-21 11:30:57.444root 11241100x8000000000000000536303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245cb7994e8ec642021-12-21 11:30:57.444root 11241100x8000000000000000536304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc06a9623a6a3f452021-12-21 11:30:57.444root 11241100x8000000000000000536305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb4c5747b8aa392021-12-21 11:30:57.444root 11241100x8000000000000000536306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff57ed2a10a778da2021-12-21 11:30:57.444root 11241100x8000000000000000536307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8858d3faf7deb0b2021-12-21 11:30:57.444root 11241100x8000000000000000536308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a1a967c5515cff2021-12-21 11:30:57.444root 11241100x8000000000000000536309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec70f113b68988992021-12-21 11:30:57.444root 11241100x8000000000000000536310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee00298a7d6e5ef2021-12-21 11:30:57.943root 11241100x8000000000000000536311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59e82541d4b253f2021-12-21 11:30:57.943root 11241100x8000000000000000536312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104951ac57b8b9302021-12-21 11:30:57.944root 11241100x8000000000000000536313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf61cd05ebdb962021-12-21 11:30:57.944root 11241100x8000000000000000536314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147442624a4f796a2021-12-21 11:30:57.944root 11241100x8000000000000000536315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e73eebfefec685b2021-12-21 11:30:57.944root 11241100x8000000000000000536316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9189101eebb6ea8e2021-12-21 11:30:57.944root 11241100x8000000000000000536317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da68a54c8b8654602021-12-21 11:30:57.944root 11241100x8000000000000000536318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5a77a2c953b5552021-12-21 11:30:57.944root 11241100x8000000000000000536319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eca22d9fda16922021-12-21 11:30:57.944root 11241100x8000000000000000536320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53d146a61630e4f2021-12-21 11:30:57.944root 11241100x8000000000000000536321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7e9a8a799924712021-12-21 11:30:57.944root 11241100x8000000000000000536322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fef695c9253a362021-12-21 11:30:57.944root 11241100x8000000000000000536323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866120c1dd0dd6012021-12-21 11:30:57.944root 11241100x8000000000000000536324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae004ca53e5ec6c22021-12-21 11:30:57.944root 11241100x8000000000000000536325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15684961c4f237102021-12-21 11:30:57.944root 11241100x8000000000000000536326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa9405abee7b7662021-12-21 11:30:57.944root 11241100x8000000000000000536327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb87c3a73f5f7812021-12-21 11:30:57.944root 11241100x8000000000000000536328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d61bfd78e587b1b2021-12-21 11:30:58.443root 11241100x8000000000000000536329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1e29e4ef16d1df2021-12-21 11:30:58.443root 11241100x8000000000000000536330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a29be4c38ef07f2021-12-21 11:30:58.443root 11241100x8000000000000000536331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf0212ef6bd68ff2021-12-21 11:30:58.443root 11241100x8000000000000000536332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bad4eab88e67732021-12-21 11:30:58.443root 11241100x8000000000000000536333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a647193202b7abf2021-12-21 11:30:58.444root 11241100x8000000000000000536334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0067eb1f55f8022021-12-21 11:30:58.444root 11241100x8000000000000000536335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c936b73a1267602e2021-12-21 11:30:58.444root 11241100x8000000000000000536336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48a62a53a553ee52021-12-21 11:30:58.444root 11241100x8000000000000000536337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de85de0ff14005c72021-12-21 11:30:58.444root 11241100x8000000000000000536338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a0e38e24ca43e2021-12-21 11:30:58.444root 11241100x8000000000000000536339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76193bc7ec24a4c42021-12-21 11:30:58.444root 11241100x8000000000000000536340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691b21d6db36cfed2021-12-21 11:30:58.444root 11241100x8000000000000000536341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e5dc54b96896a22021-12-21 11:30:58.444root 11241100x8000000000000000536342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3470ea471f70092021-12-21 11:30:58.444root 11241100x8000000000000000536343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac614a037f618f72021-12-21 11:30:58.444root 11241100x8000000000000000536344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc2d7ad1b7095012021-12-21 11:30:58.444root 11241100x8000000000000000536345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e47ebe9765cc332021-12-21 11:30:58.444root 11241100x8000000000000000536346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aa3cbcab1580e52021-12-21 11:30:58.943root 11241100x8000000000000000536347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5528b5f7089dbe372021-12-21 11:30:58.943root 11241100x8000000000000000536348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f25a3046916422021-12-21 11:30:58.943root 11241100x8000000000000000536349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575add82d915d9b22021-12-21 11:30:58.943root 11241100x8000000000000000536350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200121d83929d4fd2021-12-21 11:30:58.943root 11241100x8000000000000000536351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee89387e5bf3d1c62021-12-21 11:30:58.944root 11241100x8000000000000000536352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e6a52c016853d82021-12-21 11:30:58.944root 11241100x8000000000000000536353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2668bfb58086be152021-12-21 11:30:58.944root 11241100x8000000000000000536354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd02efb9f0208cf2021-12-21 11:30:58.944root 11241100x8000000000000000536355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d988d79472ffb212021-12-21 11:30:58.944root 11241100x8000000000000000536356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7fb397dc12b3242021-12-21 11:30:58.944root 11241100x8000000000000000536357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b412fa1a6179132021-12-21 11:30:58.944root 11241100x8000000000000000536358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48731e58d78afd482021-12-21 11:30:58.944root 11241100x8000000000000000536359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b54ff949d7edf52021-12-21 11:30:58.944root 11241100x8000000000000000536360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf73648e99fe4fdb2021-12-21 11:30:58.944root 11241100x8000000000000000536361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c5e821c5adde922021-12-21 11:30:58.944root 11241100x8000000000000000536362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1852ee6f139d01af2021-12-21 11:30:58.944root 11241100x8000000000000000536363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73483562835ada7a2021-12-21 11:30:58.944root 11241100x8000000000000000536364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dca7db36dccea02021-12-21 11:30:59.443root 11241100x8000000000000000536365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed0366fd1b98352021-12-21 11:30:59.443root 11241100x8000000000000000536366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1489423e615ed1c52021-12-21 11:30:59.443root 11241100x8000000000000000536367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44ae2f6f11ab6452021-12-21 11:30:59.443root 11241100x8000000000000000536368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943eb9bba253a80b2021-12-21 11:30:59.444root 11241100x8000000000000000536369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d915926e85835be2021-12-21 11:30:59.444root 11241100x8000000000000000536370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eabcefc19504ebc2021-12-21 11:30:59.444root 11241100x8000000000000000536371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f01751c5a43ba42021-12-21 11:30:59.444root 11241100x8000000000000000536372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afce23e7171bef812021-12-21 11:30:59.444root 11241100x8000000000000000536373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8787f981a09ea1b62021-12-21 11:30:59.444root 11241100x8000000000000000536374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7b964685aab7f02021-12-21 11:30:59.444root 11241100x8000000000000000536375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2215065c33867ee42021-12-21 11:30:59.444root 11241100x8000000000000000536376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930872a04fe187712021-12-21 11:30:59.444root 11241100x8000000000000000536377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0ef5b4b17c181d2021-12-21 11:30:59.444root 11241100x8000000000000000536378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12063a86a8455942021-12-21 11:30:59.444root 11241100x8000000000000000536379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff72b65d6adb678f2021-12-21 11:30:59.444root 11241100x8000000000000000536380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d326ccb22b4442021-12-21 11:30:59.444root 11241100x8000000000000000536381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19786d9ab13047092021-12-21 11:30:59.444root 11241100x8000000000000000536382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5d3bd4e19a1d3c2021-12-21 11:30:59.943root 11241100x8000000000000000536383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723c62a9f26984142021-12-21 11:30:59.943root 11241100x8000000000000000536384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f068f826d9c9311a2021-12-21 11:30:59.943root 11241100x8000000000000000536385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c46ce2fcca7212021-12-21 11:30:59.943root 11241100x8000000000000000536386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b53f3d09576a532021-12-21 11:30:59.943root 11241100x8000000000000000536387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65a8351483788c62021-12-21 11:30:59.944root 11241100x8000000000000000536388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef74d42b66b4fc62021-12-21 11:30:59.944root 11241100x8000000000000000536389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2493245add2ae9f12021-12-21 11:30:59.944root 11241100x8000000000000000536390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b0629f219ed79f2021-12-21 11:30:59.944root 11241100x8000000000000000536391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c790be9f4d3340f2021-12-21 11:30:59.944root 11241100x8000000000000000536392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0b2693550125412021-12-21 11:30:59.944root 11241100x8000000000000000536393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f3b9b207051992021-12-21 11:30:59.944root 11241100x8000000000000000536394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda85cc4daf697a42021-12-21 11:30:59.944root 11241100x8000000000000000536395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dd4bf444c1e4f42021-12-21 11:30:59.944root 11241100x8000000000000000536396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea0e9431d3a93c62021-12-21 11:30:59.944root 11241100x8000000000000000536397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f405fc51bf94292a2021-12-21 11:30:59.944root 11241100x8000000000000000536398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be1a16c065958ce2021-12-21 11:30:59.944root 11241100x8000000000000000536399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:30:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e9aa377b6ab6062021-12-21 11:30:59.944root 354300x8000000000000000536400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48650-false10.0.1.12-8000- 11241100x8000000000000000536401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99345b66f1350d342021-12-21 11:31:00.443root 11241100x8000000000000000536402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6d09356900259c2021-12-21 11:31:00.443root 11241100x8000000000000000536403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60bde5d1b44133d2021-12-21 11:31:00.443root 11241100x8000000000000000536404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808b5f06a6180842021-12-21 11:31:00.444root 11241100x8000000000000000536405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ecf6ce8ef4cfbb2021-12-21 11:31:00.444root 11241100x8000000000000000536406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38bf4d48d37b492021-12-21 11:31:00.444root 11241100x8000000000000000536407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78b12292471161e2021-12-21 11:31:00.444root 11241100x8000000000000000536408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf7bc2853493d1a2021-12-21 11:31:00.444root 11241100x8000000000000000536409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0095364fa63300c2021-12-21 11:31:00.444root 11241100x8000000000000000536410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9992c0e0b5a4212021-12-21 11:31:00.444root 11241100x8000000000000000536411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53976e00e7520fd2021-12-21 11:31:00.444root 11241100x8000000000000000536412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40592e521b48a4c12021-12-21 11:31:00.444root 11241100x8000000000000000536413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f34eb6fe99227fc2021-12-21 11:31:00.444root 11241100x8000000000000000536414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b87e11a064cfe22021-12-21 11:31:00.444root 11241100x8000000000000000536415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2489f39f4e73af962021-12-21 11:31:00.444root 11241100x8000000000000000536416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdd134b164b14722021-12-21 11:31:00.444root 11241100x8000000000000000536417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02e719758ec14e02021-12-21 11:31:00.444root 11241100x8000000000000000536418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880fe057a56836382021-12-21 11:31:00.444root 11241100x8000000000000000536419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c274a148dc872292021-12-21 11:31:00.445root 11241100x8000000000000000536420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fe0895417f03f92021-12-21 11:31:00.943root 11241100x8000000000000000536421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196b3a54963cbdd12021-12-21 11:31:00.943root 11241100x8000000000000000536422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8d3bf334c2194d2021-12-21 11:31:00.943root 11241100x8000000000000000536423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d4c2008124bc9b2021-12-21 11:31:00.943root 11241100x8000000000000000536424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7320695a6a0639e52021-12-21 11:31:00.944root 11241100x8000000000000000536425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c057cb1a48a4102021-12-21 11:31:00.944root 11241100x8000000000000000536426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e9d38e6bbe3bb2021-12-21 11:31:00.944root 11241100x8000000000000000536427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a7f791e81fed982021-12-21 11:31:00.944root 11241100x8000000000000000536428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8dcbf0e192818a2021-12-21 11:31:00.944root 11241100x8000000000000000536429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6308207f4d06085f2021-12-21 11:31:00.944root 11241100x8000000000000000536430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f880dd36fe63072021-12-21 11:31:00.944root 11241100x8000000000000000536431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75f5efe2ff7d1912021-12-21 11:31:00.944root 11241100x8000000000000000536432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fe22e681909fa22021-12-21 11:31:00.944root 11241100x8000000000000000536433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd391c772ee875bf2021-12-21 11:31:00.944root 11241100x8000000000000000536434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c516abed53b3f32021-12-21 11:31:00.944root 11241100x8000000000000000536435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a242f36ec40a9c212021-12-21 11:31:00.945root 11241100x8000000000000000536436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35a583674ffe1162021-12-21 11:31:00.945root 11241100x8000000000000000536437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1cd07d5b1016b2021-12-21 11:31:00.945root 11241100x8000000000000000536438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b21ebc7d8fa46d2021-12-21 11:31:00.945root 11241100x8000000000000000536439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b88c85b9e433d82021-12-21 11:31:01.443root 11241100x8000000000000000536440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ada3bc50a14e992021-12-21 11:31:01.443root 11241100x8000000000000000536441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e256b5a2347441642021-12-21 11:31:01.443root 11241100x8000000000000000536442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ab94ac22ed3fb32021-12-21 11:31:01.443root 11241100x8000000000000000536443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076d1d6213a4a8e2021-12-21 11:31:01.444root 11241100x8000000000000000536444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f887c730367ff22021-12-21 11:31:01.444root 11241100x8000000000000000536445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000d8d75814924502021-12-21 11:31:01.444root 11241100x8000000000000000536446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f642118880c1df32021-12-21 11:31:01.444root 11241100x8000000000000000536447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bedea40568a29c2021-12-21 11:31:01.444root 11241100x8000000000000000536448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a1d72a0f21d8782021-12-21 11:31:01.444root 11241100x8000000000000000536449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48516c2665ffcb52021-12-21 11:31:01.444root 11241100x8000000000000000536450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e2cad4411794e42021-12-21 11:31:01.444root 11241100x8000000000000000536451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2089c45f7fb8ac662021-12-21 11:31:01.444root 11241100x8000000000000000536452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c6cf019c19eda32021-12-21 11:31:01.444root 11241100x8000000000000000536453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e2aad23b43ee12021-12-21 11:31:01.444root 11241100x8000000000000000536454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fabf336b5d2b852021-12-21 11:31:01.444root 11241100x8000000000000000536455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb16afb587cb0e12021-12-21 11:31:01.444root 11241100x8000000000000000536456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51f281fe0de3cb2021-12-21 11:31:01.444root 11241100x8000000000000000536457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872947131eb921262021-12-21 11:31:01.444root 11241100x8000000000000000536458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef002fd54fbb3f2a2021-12-21 11:31:01.943root 11241100x8000000000000000536459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54948aca0414f9ab2021-12-21 11:31:01.943root 11241100x8000000000000000536460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c6f958ca115c2b2021-12-21 11:31:01.943root 11241100x8000000000000000536461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1cf4f0da5953622021-12-21 11:31:01.943root 11241100x8000000000000000536462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c838efb33f517e2021-12-21 11:31:01.944root 11241100x8000000000000000536463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecce9f39acf17722021-12-21 11:31:01.944root 11241100x8000000000000000536464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aa2a0fcb74d5752021-12-21 11:31:01.944root 11241100x8000000000000000536465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53125b971063a172021-12-21 11:31:01.944root 11241100x8000000000000000536466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca652ff71ff295562021-12-21 11:31:01.944root 11241100x8000000000000000536467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32c91e6c69973642021-12-21 11:31:01.944root 11241100x8000000000000000536468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a137b6efe48a1e2021-12-21 11:31:01.944root 11241100x8000000000000000536469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab0cf83387a79f82021-12-21 11:31:01.944root 11241100x8000000000000000536470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af38be8f629c1962021-12-21 11:31:01.944root 11241100x8000000000000000536471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf03259b9f94a2892021-12-21 11:31:01.944root 11241100x8000000000000000536472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d459f1cf01147ac92021-12-21 11:31:01.944root 11241100x8000000000000000536473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a3e8baea3d00cc2021-12-21 11:31:01.944root 11241100x8000000000000000536474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10576443ddef30e12021-12-21 11:31:01.944root 11241100x8000000000000000536475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649eb4161541074a2021-12-21 11:31:01.944root 11241100x8000000000000000536476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8fb1368cb588b72021-12-21 11:31:01.944root 11241100x8000000000000000536477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580408fffd8be152021-12-21 11:31:02.443root 11241100x8000000000000000536478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17dcde5791702982021-12-21 11:31:02.443root 11241100x8000000000000000536479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc4cc6d7e4d8e82021-12-21 11:31:02.443root 11241100x8000000000000000536480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb1f6f486226f0c2021-12-21 11:31:02.443root 11241100x8000000000000000536481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1fea2b4e18d76d2021-12-21 11:31:02.443root 11241100x8000000000000000536482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a437ab74b0eae5072021-12-21 11:31:02.444root 11241100x8000000000000000536483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf9d169c3c987f72021-12-21 11:31:02.444root 11241100x8000000000000000536484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a12ea2e2d8ffa342021-12-21 11:31:02.444root 11241100x8000000000000000536485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed81041b341ac032021-12-21 11:31:02.444root 11241100x8000000000000000536486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dde57f83e0f0f182021-12-21 11:31:02.444root 11241100x8000000000000000536487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab5d829dc587fed2021-12-21 11:31:02.444root 11241100x8000000000000000536488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc196b1218a537b2021-12-21 11:31:02.444root 11241100x8000000000000000536489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6398651717c13d2021-12-21 11:31:02.444root 11241100x8000000000000000536490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8c2fbd6bbc61742021-12-21 11:31:02.444root 11241100x8000000000000000536491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d706e0436f465582021-12-21 11:31:02.444root 11241100x8000000000000000536492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d083ae9b09954d2021-12-21 11:31:02.444root 11241100x8000000000000000536493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372d59150e61ebf2021-12-21 11:31:02.444root 11241100x8000000000000000536494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c6e8089cd85af12021-12-21 11:31:02.444root 11241100x8000000000000000536495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefbd6210c6553ea2021-12-21 11:31:02.444root 11241100x8000000000000000536496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3c79a51ced1d4c2021-12-21 11:31:02.943root 11241100x8000000000000000536497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaca544b62334d82021-12-21 11:31:02.943root 11241100x8000000000000000536498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfacde60d38d91c2021-12-21 11:31:02.943root 11241100x8000000000000000536499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c22dffa879f49ca2021-12-21 11:31:02.943root 11241100x8000000000000000536500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c695df4d857f08322021-12-21 11:31:02.944root 11241100x8000000000000000536501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ee6e04b15dcfed2021-12-21 11:31:02.944root 11241100x8000000000000000536502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed59d80abd743612021-12-21 11:31:02.944root 11241100x8000000000000000536503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432be53141cb99e22021-12-21 11:31:02.944root 11241100x8000000000000000536504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3a22f4b48d29172021-12-21 11:31:02.944root 11241100x8000000000000000536505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9541f21294a5b60e2021-12-21 11:31:02.944root 11241100x8000000000000000536506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2da83015d2e00e2021-12-21 11:31:02.944root 11241100x8000000000000000536507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c9244d32b9ba9f2021-12-21 11:31:02.944root 11241100x8000000000000000536508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2303f2680220413d2021-12-21 11:31:02.944root 11241100x8000000000000000536509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133222af40d04bdc2021-12-21 11:31:02.944root 11241100x8000000000000000536510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94b609d06aec1212021-12-21 11:31:02.944root 11241100x8000000000000000536511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a12b3db3c2e8b692021-12-21 11:31:02.944root 11241100x8000000000000000536512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592c26ae6ee40e6e2021-12-21 11:31:02.944root 11241100x8000000000000000536513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef98518a7c76e2a82021-12-21 11:31:02.944root 11241100x8000000000000000536514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601ae32bfe8bfb4d2021-12-21 11:31:02.944root 11241100x8000000000000000536515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2385fbcc6f0012b12021-12-21 11:31:03.443root 11241100x8000000000000000536516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d57e187bd7b90d2021-12-21 11:31:03.443root 11241100x8000000000000000536517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d4e2824d3e583c2021-12-21 11:31:03.443root 11241100x8000000000000000536518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce25672639379f512021-12-21 11:31:03.443root 11241100x8000000000000000536519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bcb8aefa4cf70b2021-12-21 11:31:03.444root 11241100x8000000000000000536520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec48f5d29f348da2021-12-21 11:31:03.444root 11241100x8000000000000000536521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f832c7b7c5cbac2021-12-21 11:31:03.444root 11241100x8000000000000000536522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908955e53bcd3ab42021-12-21 11:31:03.444root 11241100x8000000000000000536523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48bdf2d20e321112021-12-21 11:31:03.444root 11241100x8000000000000000536524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f3efc464cc80472021-12-21 11:31:03.444root 11241100x8000000000000000536525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631f7d7eaf19af752021-12-21 11:31:03.444root 11241100x8000000000000000536526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82418fcbedaee65a2021-12-21 11:31:03.444root 11241100x8000000000000000536527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c84584656ecf412021-12-21 11:31:03.444root 11241100x8000000000000000536528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede0abd8d8d022fa2021-12-21 11:31:03.444root 11241100x8000000000000000536529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252ea145efd613792021-12-21 11:31:03.444root 11241100x8000000000000000536530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f23c2d77761c4912021-12-21 11:31:03.444root 11241100x8000000000000000536531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d570be47ff5c302021-12-21 11:31:03.444root 11241100x8000000000000000536532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68dd68d3ebd5762021-12-21 11:31:03.444root 11241100x8000000000000000536533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d704211a7502d872021-12-21 11:31:03.444root 11241100x8000000000000000536534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d286302f7ff35482021-12-21 11:31:03.943root 11241100x8000000000000000536535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d947ecfac19b2b452021-12-21 11:31:03.943root 11241100x8000000000000000536536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a302952f07a57d2021-12-21 11:31:03.943root 11241100x8000000000000000536537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f3f6edd5ca1e192021-12-21 11:31:03.943root 11241100x8000000000000000536538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbab8e16de69ab0b2021-12-21 11:31:03.944root 11241100x8000000000000000536539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75fc9acbd29bdfa2021-12-21 11:31:03.944root 11241100x8000000000000000536540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadcc27b711008e72021-12-21 11:31:03.944root 11241100x8000000000000000536541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0588776f75722e2e2021-12-21 11:31:03.944root 11241100x8000000000000000536542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0905d7318b42ee72021-12-21 11:31:03.944root 11241100x8000000000000000536543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4cb1d04f7859692021-12-21 11:31:03.944root 11241100x8000000000000000536544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c5668565467f3c2021-12-21 11:31:03.944root 11241100x8000000000000000536545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc24bb2d554b38972021-12-21 11:31:03.944root 11241100x8000000000000000536546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc178d28ada04bc2021-12-21 11:31:03.944root 11241100x8000000000000000536547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fac8c38a48db8242021-12-21 11:31:03.944root 11241100x8000000000000000536548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba77947ef24ed6582021-12-21 11:31:03.944root 11241100x8000000000000000536549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189b231a3181f2ec2021-12-21 11:31:03.944root 11241100x8000000000000000536550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8fada689007fa2021-12-21 11:31:03.944root 11241100x8000000000000000536551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6729a09d713f7dc2021-12-21 11:31:03.944root 11241100x8000000000000000536552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a8e67b10908592021-12-21 11:31:03.944root 11241100x8000000000000000536553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8555ee4ea1ffb9e2021-12-21 11:31:04.443root 11241100x8000000000000000536554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a768305f2c960e52021-12-21 11:31:04.443root 11241100x8000000000000000536555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626acb87902b80ff2021-12-21 11:31:04.443root 11241100x8000000000000000536556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76acaccfaf5f87ab2021-12-21 11:31:04.443root 11241100x8000000000000000536557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26617470060da7182021-12-21 11:31:04.444root 11241100x8000000000000000536558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9381fc14c737552021-12-21 11:31:04.444root 11241100x8000000000000000536559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643fec422e05c3d2021-12-21 11:31:04.444root 11241100x8000000000000000536560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b334bcde3951f1fc2021-12-21 11:31:04.444root 11241100x8000000000000000536561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b729033e9b4db9aa2021-12-21 11:31:04.444root 11241100x8000000000000000536562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10c95ef2e27ddd52021-12-21 11:31:04.444root 11241100x8000000000000000536563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf895de928521412021-12-21 11:31:04.444root 11241100x8000000000000000536564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9478f8bf0fd3db5e2021-12-21 11:31:04.444root 11241100x8000000000000000536565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581dc8e97bd70732021-12-21 11:31:04.444root 11241100x8000000000000000536566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aab46f2afd60512021-12-21 11:31:04.444root 11241100x8000000000000000536567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc675cb748fb08982021-12-21 11:31:04.444root 11241100x8000000000000000536568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a4f395f95805692021-12-21 11:31:04.444root 11241100x8000000000000000536569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0166b8fcc448188f2021-12-21 11:31:04.444root 11241100x8000000000000000536570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7917a5577783c22021-12-21 11:31:04.444root 11241100x8000000000000000536571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22afe07e068493b2021-12-21 11:31:04.444root 11241100x8000000000000000536572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eca463a699e47b2021-12-21 11:31:04.943root 11241100x8000000000000000536573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65ac0825c678f082021-12-21 11:31:04.943root 11241100x8000000000000000536574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8df7717a3ea5b22021-12-21 11:31:04.943root 11241100x8000000000000000536575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8b3052b3865afd2021-12-21 11:31:04.944root 11241100x8000000000000000536576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40501f0885b5f312021-12-21 11:31:04.944root 11241100x8000000000000000536577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189b315c22777a582021-12-21 11:31:04.944root 11241100x8000000000000000536578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a52fbeda54edbf2021-12-21 11:31:04.944root 11241100x8000000000000000536579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf4f972e668807e2021-12-21 11:31:04.944root 11241100x8000000000000000536580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b087a3ec29dba99f2021-12-21 11:31:04.944root 11241100x8000000000000000536581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c01bc86ae575f72021-12-21 11:31:04.944root 11241100x8000000000000000536582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9a4eff87e8e152021-12-21 11:31:04.944root 11241100x8000000000000000536583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d91a4b30aac3a72021-12-21 11:31:04.944root 11241100x8000000000000000536584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede8c8084168fa212021-12-21 11:31:04.944root 11241100x8000000000000000536585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a427ce82cf517e1a2021-12-21 11:31:04.944root 11241100x8000000000000000536586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c8aee1b4c2bd122021-12-21 11:31:04.944root 11241100x8000000000000000536587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41642654ed7089f42021-12-21 11:31:04.944root 11241100x8000000000000000536588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1396b105973d1d2021-12-21 11:31:04.944root 11241100x8000000000000000536589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9ceec29e171bee2021-12-21 11:31:04.944root 11241100x8000000000000000536590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6273d7d9f230c5962021-12-21 11:31:04.944root 354300x8000000000000000536591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.104{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48652-false10.0.1.12-8000- 11241100x8000000000000000536592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f2a0480993fa3e2021-12-21 11:31:05.443root 11241100x8000000000000000536593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34db09c3928583ce2021-12-21 11:31:05.444root 11241100x8000000000000000536594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbd32eca5223b842021-12-21 11:31:05.444root 11241100x8000000000000000536595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457d2acc07ffee52021-12-21 11:31:05.444root 11241100x8000000000000000536596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7659472af34dd5a92021-12-21 11:31:05.444root 11241100x8000000000000000536597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acede31408408c32021-12-21 11:31:05.444root 11241100x8000000000000000536598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab0e4abff9833ae2021-12-21 11:31:05.444root 11241100x8000000000000000536599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3cba48ca0aaf022021-12-21 11:31:05.444root 11241100x8000000000000000536600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39d078b7462a1f62021-12-21 11:31:05.444root 11241100x8000000000000000536601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f59bd3449799492021-12-21 11:31:05.444root 11241100x8000000000000000536602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea41db41e3fd90c2021-12-21 11:31:05.444root 11241100x8000000000000000536603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2b83e994042fe52021-12-21 11:31:05.444root 11241100x8000000000000000536604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2265d264a75e02021-12-21 11:31:05.444root 11241100x8000000000000000536605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf5dadb9a1975902021-12-21 11:31:05.444root 11241100x8000000000000000536606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f055dad9713dfe2021-12-21 11:31:05.444root 11241100x8000000000000000536607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8929a7e940099e2021-12-21 11:31:05.444root 11241100x8000000000000000536608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b7ebfb3a139b642021-12-21 11:31:05.445root 11241100x8000000000000000536609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec52edc6083b0f32021-12-21 11:31:05.445root 11241100x8000000000000000536610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873a12b004c007242021-12-21 11:31:05.445root 11241100x8000000000000000536611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1174bf7c7ee134132021-12-21 11:31:05.445root 11241100x8000000000000000536612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ae323ef7234a42021-12-21 11:31:05.943root 11241100x8000000000000000536613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42769f31603711c2021-12-21 11:31:05.944root 11241100x8000000000000000536614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30a9a373eed41052021-12-21 11:31:05.944root 11241100x8000000000000000536615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bab93dac8f76672021-12-21 11:31:05.944root 11241100x8000000000000000536616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031321a1893248fc2021-12-21 11:31:05.944root 11241100x8000000000000000536617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62c6a8301b07bc2021-12-21 11:31:05.944root 11241100x8000000000000000536618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0f5bd4ffe6852e2021-12-21 11:31:05.944root 11241100x8000000000000000536619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1526ab5f1abec8892021-12-21 11:31:05.944root 11241100x8000000000000000536620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2e2541599411ba2021-12-21 11:31:05.945root 11241100x8000000000000000536621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651da9ca23e70cb32021-12-21 11:31:05.945root 11241100x8000000000000000536622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f8b29e2f93dd632021-12-21 11:31:05.945root 11241100x8000000000000000536623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a213fa685a2c0fbd2021-12-21 11:31:05.945root 11241100x8000000000000000536624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a5aed7f43de3332021-12-21 11:31:05.945root 11241100x8000000000000000536625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f6e3b2dc454ab2021-12-21 11:31:05.945root 11241100x8000000000000000536626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b926545935b84dc2021-12-21 11:31:05.945root 11241100x8000000000000000536627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b0a7dfc742f60f2021-12-21 11:31:05.945root 11241100x8000000000000000536628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a50b138bc0505e62021-12-21 11:31:05.945root 11241100x8000000000000000536629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51f21fcc66b5b7d2021-12-21 11:31:05.945root 11241100x8000000000000000536630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f9049a0c897ed32021-12-21 11:31:05.945root 11241100x8000000000000000536631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebe709438b8695a2021-12-21 11:31:05.946root 11241100x8000000000000000536632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:31:06.326root 11241100x8000000000000000536633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729ea9ab7480ed812021-12-21 11:31:06.327root 11241100x8000000000000000536634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3f3d9929ca97752021-12-21 11:31:06.327root 11241100x8000000000000000536635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c840d9f706c3912021-12-21 11:31:06.328root 11241100x8000000000000000536636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde6ec37a24afdc42021-12-21 11:31:06.328root 11241100x8000000000000000536637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a5447dd60c61342021-12-21 11:31:06.328root 11241100x8000000000000000536638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ef363de304082a2021-12-21 11:31:06.328root 11241100x8000000000000000536639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bcab1da30e7bcb2021-12-21 11:31:06.329root 11241100x8000000000000000536640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d86ebe56a2a8d352021-12-21 11:31:06.329root 11241100x8000000000000000536641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795b63a1c4142b02021-12-21 11:31:06.329root 11241100x8000000000000000536642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252263ae63bdb91a2021-12-21 11:31:06.329root 11241100x8000000000000000536643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560b10811063e4292021-12-21 11:31:06.329root 11241100x8000000000000000536644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40d17becf35c952021-12-21 11:31:06.329root 11241100x8000000000000000536645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e096b2c3e92c15cd2021-12-21 11:31:06.329root 11241100x8000000000000000536646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442bcca0d927aa822021-12-21 11:31:06.329root 11241100x8000000000000000536647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae337f6ea323da92021-12-21 11:31:06.329root 11241100x8000000000000000536648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a0451032f9f11b2021-12-21 11:31:06.329root 11241100x8000000000000000536649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f02e03559a56782021-12-21 11:31:06.329root 11241100x8000000000000000536650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a0635b92e816852021-12-21 11:31:06.329root 11241100x8000000000000000536651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b322ef9df12a72021-12-21 11:31:06.330root 11241100x8000000000000000536652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21753e13baf7bfa02021-12-21 11:31:06.330root 11241100x8000000000000000536653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0e73873dc8c3802021-12-21 11:31:06.330root 11241100x8000000000000000536654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83a71304ad3e4bf2021-12-21 11:31:06.330root 11241100x8000000000000000536655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d550b879f9602b2021-12-21 11:31:06.330root 11241100x8000000000000000536656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d967f57471b6a7802021-12-21 11:31:06.693root 11241100x8000000000000000536657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676f10ce317ab1462021-12-21 11:31:06.693root 11241100x8000000000000000536658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e5d5bf142e1d222021-12-21 11:31:06.693root 11241100x8000000000000000536659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e00db15ad934bd2021-12-21 11:31:06.693root 11241100x8000000000000000536660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce181c7315c982392021-12-21 11:31:06.693root 11241100x8000000000000000536661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83fd816900eb1072021-12-21 11:31:06.693root 11241100x8000000000000000536662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7639bd6134afeb332021-12-21 11:31:06.693root 11241100x8000000000000000536663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ceceb7d006026e2021-12-21 11:31:06.693root 11241100x8000000000000000536664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba83fd083a8a90362021-12-21 11:31:06.694root 11241100x8000000000000000536665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87be02848eba8e4c2021-12-21 11:31:06.694root 11241100x8000000000000000536666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e826ed55b7dec542021-12-21 11:31:06.694root 11241100x8000000000000000536667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c4e57629ad9f72021-12-21 11:31:06.694root 11241100x8000000000000000536668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d876bd249ac0ed552021-12-21 11:31:06.694root 11241100x8000000000000000536669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07511d45b2c41b752021-12-21 11:31:06.695root 11241100x8000000000000000536670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e93b253626d3c42021-12-21 11:31:06.695root 11241100x8000000000000000536671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774ea50b92bff902021-12-21 11:31:06.695root 11241100x8000000000000000536672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5e1b3ab9046b632021-12-21 11:31:06.695root 11241100x8000000000000000536673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cefb91833e4d132021-12-21 11:31:06.695root 11241100x8000000000000000536674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051fa675ecc101a82021-12-21 11:31:06.695root 11241100x8000000000000000536675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501ab79849757df82021-12-21 11:31:06.695root 11241100x8000000000000000536676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5236a6d5fe1dcc2021-12-21 11:31:06.695root 11241100x8000000000000000536677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d881f5583b6571922021-12-21 11:31:06.696root 11241100x8000000000000000536678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2787c07c59328c82021-12-21 11:31:06.696root 11241100x8000000000000000536679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4fe23996aa985f2021-12-21 11:31:06.696root 11241100x8000000000000000536680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38edfdc9da7b84e2021-12-21 11:31:06.696root 11241100x8000000000000000536681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468a1ab3fa034bd2021-12-21 11:31:06.697root 11241100x8000000000000000536682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa590026c22454202021-12-21 11:31:07.193root 11241100x8000000000000000536683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a576404fe9b4c402021-12-21 11:31:07.193root 11241100x8000000000000000536684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f77d211ba5610ad2021-12-21 11:31:07.193root 11241100x8000000000000000536685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bdda7f35528e1e2021-12-21 11:31:07.193root 11241100x8000000000000000536686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb3b98e111d91042021-12-21 11:31:07.193root 11241100x8000000000000000536687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264d047fff4253752021-12-21 11:31:07.194root 11241100x8000000000000000536688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642584fb5e508ded2021-12-21 11:31:07.194root 11241100x8000000000000000536689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2ed399fea9c40b2021-12-21 11:31:07.194root 11241100x8000000000000000536690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93e9bac08b6d8ed2021-12-21 11:31:07.194root 11241100x8000000000000000536691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0845b417145337f2021-12-21 11:31:07.194root 11241100x8000000000000000536692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524c3ae906d1d5ef2021-12-21 11:31:07.194root 11241100x8000000000000000536693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0105e57f74603e862021-12-21 11:31:07.194root 11241100x8000000000000000536694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc93670ba86a3c422021-12-21 11:31:07.194root 11241100x8000000000000000536695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7884e6e380f1e6722021-12-21 11:31:07.194root 11241100x8000000000000000536696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a640bced7bf27e52021-12-21 11:31:07.194root 11241100x8000000000000000536697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814b8858b70020a32021-12-21 11:31:07.194root 11241100x8000000000000000536698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaf9cbed15c55332021-12-21 11:31:07.194root 11241100x8000000000000000536699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463c385af462f4c82021-12-21 11:31:07.194root 11241100x8000000000000000536700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef66b8d1b034e90b2021-12-21 11:31:07.194root 11241100x8000000000000000536701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a13d59ea2e6932021-12-21 11:31:07.194root 11241100x8000000000000000536702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dd14a3529a8b1e2021-12-21 11:31:07.195root 11241100x8000000000000000536703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f304130d97c8c0e82021-12-21 11:31:07.693root 11241100x8000000000000000536704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938e63d411b8f5002021-12-21 11:31:07.693root 11241100x8000000000000000536705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddd769689d262872021-12-21 11:31:07.693root 11241100x8000000000000000536706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6830ed11bbfa1d932021-12-21 11:31:07.693root 11241100x8000000000000000536707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13991f558349b24f2021-12-21 11:31:07.693root 11241100x8000000000000000536708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118dbc17ac9332f32021-12-21 11:31:07.693root 11241100x8000000000000000536709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1354f32ffb8399a2021-12-21 11:31:07.693root 11241100x8000000000000000536710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd89876169535aa2021-12-21 11:31:07.693root 11241100x8000000000000000536711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307141c60b39a81f2021-12-21 11:31:07.693root 11241100x8000000000000000536712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7a343fccc508e82021-12-21 11:31:07.693root 11241100x8000000000000000536713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830bfb63250abfdf2021-12-21 11:31:07.694root 11241100x8000000000000000536714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c7817cd1ec82602021-12-21 11:31:07.694root 11241100x8000000000000000536715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b171d03d91f4612021-12-21 11:31:07.694root 11241100x8000000000000000536716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eedba0ac85b6b6a2021-12-21 11:31:07.694root 11241100x8000000000000000536717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e738e7c89f34472021-12-21 11:31:07.694root 11241100x8000000000000000536718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9d5efa74c094b02021-12-21 11:31:07.694root 11241100x8000000000000000536719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21af75968158bec32021-12-21 11:31:07.694root 11241100x8000000000000000536720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b759825972a5ddd2021-12-21 11:31:07.694root 11241100x8000000000000000536721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1173659020c149102021-12-21 11:31:07.694root 11241100x8000000000000000536722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d78581715fcef232021-12-21 11:31:07.694root 11241100x8000000000000000536723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67148c0a784c16ca2021-12-21 11:31:07.694root 11241100x8000000000000000536724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9f63e2534f2ee2021-12-21 11:31:08.193root 11241100x8000000000000000536725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7781d8521e93a5322021-12-21 11:31:08.193root 11241100x8000000000000000536726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4358273498fea8732021-12-21 11:31:08.193root 11241100x8000000000000000536727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db2c657ed721f0a2021-12-21 11:31:08.194root 11241100x8000000000000000536728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bde060e5aea7222021-12-21 11:31:08.194root 11241100x8000000000000000536729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a0f7ef7ffac7662021-12-21 11:31:08.194root 11241100x8000000000000000536730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88eb60bc61f571c2021-12-21 11:31:08.194root 11241100x8000000000000000536731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa327a8afd392ba52021-12-21 11:31:08.194root 11241100x8000000000000000536732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfe0bbc3be47cd22021-12-21 11:31:08.194root 11241100x8000000000000000536733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a6f06fa0d1016f2021-12-21 11:31:08.194root 11241100x8000000000000000536734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc14bf7b7f95d182021-12-21 11:31:08.194root 11241100x8000000000000000536735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc4005a062904362021-12-21 11:31:08.194root 11241100x8000000000000000536736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718c0c4e15cb382d2021-12-21 11:31:08.194root 11241100x8000000000000000536737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bee4979b0fdd562021-12-21 11:31:08.194root 11241100x8000000000000000536738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b96f42eda059232021-12-21 11:31:08.194root 11241100x8000000000000000536739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128f073d067c645d2021-12-21 11:31:08.194root 11241100x8000000000000000536740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b55cfa61412022021-12-21 11:31:08.194root 11241100x8000000000000000536741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29456347df47b662021-12-21 11:31:08.194root 11241100x8000000000000000536742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b717e721007f52aa2021-12-21 11:31:08.195root 11241100x8000000000000000536743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf4fd84972179802021-12-21 11:31:08.195root 11241100x8000000000000000536744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76496cd7c86601842021-12-21 11:31:08.195root 11241100x8000000000000000536745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4e627e999923172021-12-21 11:31:08.693root 11241100x8000000000000000536746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677b8eb9d7516f062021-12-21 11:31:08.693root 11241100x8000000000000000536747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509ee924de8b5bd62021-12-21 11:31:08.693root 11241100x8000000000000000536748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8b458830f8a6a52021-12-21 11:31:08.693root 11241100x8000000000000000536749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701bb809e9b4fc252021-12-21 11:31:08.693root 11241100x8000000000000000536750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d370aed95d4b042021-12-21 11:31:08.693root 11241100x8000000000000000536751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9397043a46dc5d4c2021-12-21 11:31:08.693root 11241100x8000000000000000536752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57246c8da8963f9c2021-12-21 11:31:08.693root 11241100x8000000000000000536753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03899cf5d33cde262021-12-21 11:31:08.693root 11241100x8000000000000000536754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064b102040e8ba392021-12-21 11:31:08.693root 11241100x8000000000000000536755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b091cf44b97bdc02021-12-21 11:31:08.693root 11241100x8000000000000000536756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44e736966f1abe92021-12-21 11:31:08.693root 11241100x8000000000000000536757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349c73e26143b4a02021-12-21 11:31:08.693root 11241100x8000000000000000536758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beffdd07bc51642e2021-12-21 11:31:08.694root 11241100x8000000000000000536759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f79ec3160d639222021-12-21 11:31:08.694root 11241100x8000000000000000536760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa75be05d88f97f22021-12-21 11:31:08.694root 11241100x8000000000000000536761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3fd036c422f5a92021-12-21 11:31:08.694root 11241100x8000000000000000536762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7539fa705a9dc8392021-12-21 11:31:08.694root 11241100x8000000000000000536763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc8daac6086d3cf2021-12-21 11:31:08.694root 11241100x8000000000000000536764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6732fcf5c3f4d32021-12-21 11:31:08.694root 11241100x8000000000000000536765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a8ebecc8cc0c132021-12-21 11:31:08.694root 11241100x8000000000000000536766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd867d8aac461e22021-12-21 11:31:08.694root 11241100x8000000000000000536767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f8fb88fe622aea2021-12-21 11:31:08.694root 11241100x8000000000000000536768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d6cd99404b4da22021-12-21 11:31:08.694root 11241100x8000000000000000536769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6de8b90a34492332021-12-21 11:31:08.694root 11241100x8000000000000000536770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7803391a02ff5d2021-12-21 11:31:09.193root 11241100x8000000000000000536771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415d03de8d3345f2021-12-21 11:31:09.193root 11241100x8000000000000000536772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053e0c43b4839e52021-12-21 11:31:09.193root 11241100x8000000000000000536773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a876c216b8d0d7502021-12-21 11:31:09.193root 11241100x8000000000000000536774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb540c31f7baaa952021-12-21 11:31:09.193root 11241100x8000000000000000536775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e417bed769e499a72021-12-21 11:31:09.193root 11241100x8000000000000000536776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f450937a65c6e08a2021-12-21 11:31:09.193root 11241100x8000000000000000536777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5a99aa702e8012021-12-21 11:31:09.193root 11241100x8000000000000000536778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abf2160c2eab4d82021-12-21 11:31:09.193root 11241100x8000000000000000536779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f570bb53cebcca2f2021-12-21 11:31:09.193root 11241100x8000000000000000536780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca364db6bc4d03a2021-12-21 11:31:09.194root 11241100x8000000000000000536781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2544eba0dbb6de6d2021-12-21 11:31:09.194root 11241100x8000000000000000536782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89217a0912fc01d2021-12-21 11:31:09.194root 11241100x8000000000000000536783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e2725130915b632021-12-21 11:31:09.194root 11241100x8000000000000000536784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe16524b4145a0c2021-12-21 11:31:09.194root 11241100x8000000000000000536785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb68d1531ded562021-12-21 11:31:09.194root 11241100x8000000000000000536786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1308076dc6e1f82021-12-21 11:31:09.194root 11241100x8000000000000000536787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea000282e0c102992021-12-21 11:31:09.194root 11241100x8000000000000000536788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcaf7665e6033712021-12-21 11:31:09.194root 11241100x8000000000000000536789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8e7f880f3fc4f72021-12-21 11:31:09.194root 11241100x8000000000000000536790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e5904401db79712021-12-21 11:31:09.194root 23542300x8000000000000000536791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.248{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000536792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b82934b44def96e2021-12-21 11:31:09.693root 11241100x8000000000000000536793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf2598d835459432021-12-21 11:31:09.693root 11241100x8000000000000000536794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052b17e7cedae8ea2021-12-21 11:31:09.693root 11241100x8000000000000000536795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f79aebc33ccecb42021-12-21 11:31:09.694root 11241100x8000000000000000536796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457cded3976c06aa2021-12-21 11:31:09.694root 11241100x8000000000000000536797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb701ce788917ab2021-12-21 11:31:09.694root 11241100x8000000000000000536798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad716228cfa776342021-12-21 11:31:09.694root 11241100x8000000000000000536799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b52eaf9465234b2021-12-21 11:31:09.694root 11241100x8000000000000000536800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee90bc07efa80e2021-12-21 11:31:09.694root 11241100x8000000000000000536801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f38e6bc1ebc128f2021-12-21 11:31:09.694root 11241100x8000000000000000536802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382957cd60be8e582021-12-21 11:31:09.694root 11241100x8000000000000000536803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c9784558e860fd2021-12-21 11:31:09.694root 11241100x8000000000000000536804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92e0ab85cfb28d42021-12-21 11:31:09.694root 11241100x8000000000000000536805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9b0425d02d2d432021-12-21 11:31:09.694root 11241100x8000000000000000536806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bf0d89c2a0c2452021-12-21 11:31:09.694root 11241100x8000000000000000536807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1022aaaf38c58472021-12-21 11:31:09.694root 11241100x8000000000000000536808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e55f15795e86e2021-12-21 11:31:09.694root 11241100x8000000000000000536809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072cad2cc6960acf2021-12-21 11:31:09.694root 11241100x8000000000000000536810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4d49f10c8048352021-12-21 11:31:09.695root 11241100x8000000000000000536811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabc1e9c490070bc2021-12-21 11:31:09.695root 11241100x8000000000000000536812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6947e9d57dc16042021-12-21 11:31:09.695root 11241100x8000000000000000536813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c095c018477b22021-12-21 11:31:09.695root 11241100x8000000000000000536814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b6b74ce7294c342021-12-21 11:31:10.193root 11241100x8000000000000000536815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2e0f8be21149462021-12-21 11:31:10.193root 11241100x8000000000000000536816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77f7722b16271b32021-12-21 11:31:10.193root 11241100x8000000000000000536817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c20eb19ef2391c2021-12-21 11:31:10.193root 11241100x8000000000000000536818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b0836b20917472021-12-21 11:31:10.193root 11241100x8000000000000000536819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4168741f2ced9682021-12-21 11:31:10.193root 11241100x8000000000000000536820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dd5c9cfb03ebf82021-12-21 11:31:10.193root 11241100x8000000000000000536821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091ae2d2d18cc8e92021-12-21 11:31:10.194root 11241100x8000000000000000536822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0213d4d941418e2021-12-21 11:31:10.194root 11241100x8000000000000000536823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ded6a84b8eec1d2021-12-21 11:31:10.194root 11241100x8000000000000000536824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5948e46f67807092021-12-21 11:31:10.194root 11241100x8000000000000000536825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e2199c3c5088f22021-12-21 11:31:10.194root 11241100x8000000000000000536826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5945c5cd84683fe2021-12-21 11:31:10.194root 11241100x8000000000000000536827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4f5df69d749a582021-12-21 11:31:10.194root 11241100x8000000000000000536828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78595dd12a54ab482021-12-21 11:31:10.194root 11241100x8000000000000000536829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ace12dc5c6825d2021-12-21 11:31:10.194root 11241100x8000000000000000536830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89549640ad0086072021-12-21 11:31:10.194root 11241100x8000000000000000536831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21316ec87adc1dd72021-12-21 11:31:10.194root 11241100x8000000000000000536832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe6988ea0c7b4e2021-12-21 11:31:10.194root 11241100x8000000000000000536833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b832ed78a46a9ad62021-12-21 11:31:10.194root 11241100x8000000000000000536834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376c2ec775babfcb2021-12-21 11:31:10.194root 11241100x8000000000000000536835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6fcd86c406fd622021-12-21 11:31:10.194root 354300x8000000000000000536836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.258{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48654-false10.0.1.12-8000- 11241100x8000000000000000536837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c78a701b13353f42021-12-21 11:31:10.693root 11241100x8000000000000000536838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c1428723ed01df2021-12-21 11:31:10.694root 11241100x8000000000000000536839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b017e9b5c004662021-12-21 11:31:10.694root 11241100x8000000000000000536840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654f1136303cf64e2021-12-21 11:31:10.694root 11241100x8000000000000000536841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12c3e9f79a1aede2021-12-21 11:31:10.694root 11241100x8000000000000000536842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff6e34b7bcd23262021-12-21 11:31:10.694root 11241100x8000000000000000536843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7c9568514363652021-12-21 11:31:10.695root 11241100x8000000000000000536844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee472a7719bb3e482021-12-21 11:31:10.695root 11241100x8000000000000000536845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d40e063471caf992021-12-21 11:31:10.695root 11241100x8000000000000000536846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5faba3b1fdc74b2021-12-21 11:31:10.695root 11241100x8000000000000000536847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e681709d30c9652021-12-21 11:31:10.695root 11241100x8000000000000000536848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f64b554e87f3e52021-12-21 11:31:10.695root 11241100x8000000000000000536849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b22fc15d7a4f6d2021-12-21 11:31:10.696root 11241100x8000000000000000536850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8b04a5f35740a82021-12-21 11:31:10.696root 11241100x8000000000000000536851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c0ef3bf0c41e7f2021-12-21 11:31:10.696root 11241100x8000000000000000536852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd69b479bca894a2021-12-21 11:31:10.696root 11241100x8000000000000000536853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3cd1f46006d0222021-12-21 11:31:10.696root 11241100x8000000000000000536854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b998d3d42d1433a2021-12-21 11:31:10.696root 11241100x8000000000000000536855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1516e389603ba1f2021-12-21 11:31:10.697root 11241100x8000000000000000536856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f44e841840612de2021-12-21 11:31:10.697root 11241100x8000000000000000536857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f188464c714877522021-12-21 11:31:10.697root 11241100x8000000000000000536858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd23e7c68aeba262021-12-21 11:31:10.697root 11241100x8000000000000000536859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f16a3e4a55a54d2021-12-21 11:31:10.697root 11241100x8000000000000000536860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba97cb1962dbc4902021-12-21 11:31:11.193root 11241100x8000000000000000536861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aa10a08db1bac22021-12-21 11:31:11.193root 11241100x8000000000000000536862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc6fc35246b17522021-12-21 11:31:11.193root 11241100x8000000000000000536863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b40e46bb57138b2021-12-21 11:31:11.194root 11241100x8000000000000000536864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7bb3cf1d2e3d62021-12-21 11:31:11.194root 11241100x8000000000000000536865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b14b744239826672021-12-21 11:31:11.194root 11241100x8000000000000000536866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed53dda41caaa6482021-12-21 11:31:11.194root 11241100x8000000000000000536867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca1dda768f9ef782021-12-21 11:31:11.194root 11241100x8000000000000000536868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ca757e4f53a1632021-12-21 11:31:11.194root 11241100x8000000000000000536869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6e95a004352ca82021-12-21 11:31:11.194root 11241100x8000000000000000536870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c0f049b51fdb1a2021-12-21 11:31:11.194root 11241100x8000000000000000536871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ff525a006e2902021-12-21 11:31:11.195root 11241100x8000000000000000536872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbade7487dcc38db2021-12-21 11:31:11.195root 11241100x8000000000000000536873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a897aade2cc905ac2021-12-21 11:31:11.195root 11241100x8000000000000000536874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16484ee1fea0d672021-12-21 11:31:11.195root 11241100x8000000000000000536875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0005acad3753ae9b2021-12-21 11:31:11.195root 11241100x8000000000000000536876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6a11f1203d5d972021-12-21 11:31:11.195root 11241100x8000000000000000536877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d41d0e5877af8dc2021-12-21 11:31:11.195root 11241100x8000000000000000536878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85faf82b2d30dfcb2021-12-21 11:31:11.195root 11241100x8000000000000000536879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab30afe810c5ab252021-12-21 11:31:11.195root 11241100x8000000000000000536880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afa99f7fea30b082021-12-21 11:31:11.195root 11241100x8000000000000000536881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce45de43f446b972021-12-21 11:31:11.195root 11241100x8000000000000000536882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef231bd4b917a9d2021-12-21 11:31:11.195root 11241100x8000000000000000536883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd0d95fd27b59ac2021-12-21 11:31:11.693root 11241100x8000000000000000536884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6a2de5d9e27152021-12-21 11:31:11.693root 11241100x8000000000000000536885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9286e71f508ddab72021-12-21 11:31:11.693root 11241100x8000000000000000536886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e53b5b7f7be0da82021-12-21 11:31:11.693root 11241100x8000000000000000536887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd66d87471057d562021-12-21 11:31:11.693root 11241100x8000000000000000536888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d111bac30e9b5c32021-12-21 11:31:11.693root 11241100x8000000000000000536889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efdab244ffb5a022021-12-21 11:31:11.693root 11241100x8000000000000000536890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59cafe8ab017e3b2021-12-21 11:31:11.694root 11241100x8000000000000000536891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4ec3932733fd8c2021-12-21 11:31:11.694root 11241100x8000000000000000536892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0867f68f8b6d16d82021-12-21 11:31:11.694root 11241100x8000000000000000536893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf2bb5e96ea26072021-12-21 11:31:11.694root 11241100x8000000000000000536894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacdaacd60d155bb2021-12-21 11:31:11.694root 11241100x8000000000000000536895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675bc903c0d7f5c92021-12-21 11:31:11.694root 11241100x8000000000000000536896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8d43d6f1011ca02021-12-21 11:31:11.694root 11241100x8000000000000000536897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf89623f50a3d2a2021-12-21 11:31:11.694root 11241100x8000000000000000536898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3e771062b2c7612021-12-21 11:31:11.694root 11241100x8000000000000000536899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3961037f529fd8ac2021-12-21 11:31:11.694root 11241100x8000000000000000536900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e731f143f3775a12021-12-21 11:31:11.694root 11241100x8000000000000000536901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b5a54a8a9739ab2021-12-21 11:31:11.694root 11241100x8000000000000000536902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256776faf31a60f22021-12-21 11:31:11.694root 11241100x8000000000000000536903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d59783e4bbfddc62021-12-21 11:31:11.694root 11241100x8000000000000000536904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edff47baf0789b1f2021-12-21 11:31:11.694root 11241100x8000000000000000536905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79e006e6df30ed32021-12-21 11:31:11.695root 11241100x8000000000000000536906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf9039d430c37a2021-12-21 11:31:12.193root 11241100x8000000000000000536907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da04a7d1597d7212021-12-21 11:31:12.193root 11241100x8000000000000000536908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27db7806acdb39762021-12-21 11:31:12.193root 11241100x8000000000000000536909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35785d18f1d2c7012021-12-21 11:31:12.193root 11241100x8000000000000000536910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f57617287786fa2021-12-21 11:31:12.193root 11241100x8000000000000000536911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10af0e854a1437102021-12-21 11:31:12.193root 11241100x8000000000000000536912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4353979fe8c76e1b2021-12-21 11:31:12.193root 11241100x8000000000000000536913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6cc57e02d4f58d2021-12-21 11:31:12.194root 11241100x8000000000000000536914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cae424bc9844132021-12-21 11:31:12.194root 11241100x8000000000000000536915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0a16490b478cc32021-12-21 11:31:12.194root 11241100x8000000000000000536916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6d0c4385b799ab2021-12-21 11:31:12.194root 11241100x8000000000000000536917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d632773ab087797d2021-12-21 11:31:12.194root 11241100x8000000000000000536918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212612b76909824c2021-12-21 11:31:12.194root 11241100x8000000000000000536919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9aa0e92a4494282021-12-21 11:31:12.194root 11241100x8000000000000000536920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b85ee50e11376b92021-12-21 11:31:12.194root 11241100x8000000000000000536921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1f69c37e7401012021-12-21 11:31:12.194root 11241100x8000000000000000536922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16953c3aa2ae64212021-12-21 11:31:12.194root 11241100x8000000000000000536923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e679463377aab2021-12-21 11:31:12.194root 11241100x8000000000000000536924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a137092d5b731eb2021-12-21 11:31:12.194root 11241100x8000000000000000536925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67bf7b53f5806c52021-12-21 11:31:12.194root 11241100x8000000000000000536926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42557e919ce605b22021-12-21 11:31:12.194root 11241100x8000000000000000536927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cbf51cde70fce62021-12-21 11:31:12.195root 11241100x8000000000000000536928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcea3ce4f7ff74402021-12-21 11:31:12.195root 11241100x8000000000000000536929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2171bf183979a5802021-12-21 11:31:12.693root 11241100x8000000000000000536930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48e83197f7180472021-12-21 11:31:12.693root 11241100x8000000000000000536931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d3c5895dd669d12021-12-21 11:31:12.693root 11241100x8000000000000000536932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c12f8ce8b29ed2021-12-21 11:31:12.693root 11241100x8000000000000000536933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8627f76dad125be2021-12-21 11:31:12.693root 11241100x8000000000000000536934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a178a858f5643a2021-12-21 11:31:12.694root 11241100x8000000000000000536935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b34c23f62af315c2021-12-21 11:31:12.694root 11241100x8000000000000000536936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a28135c16c69ee2021-12-21 11:31:12.694root 11241100x8000000000000000536937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd40bad20e64d3fe2021-12-21 11:31:12.694root 11241100x8000000000000000536938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c3ff50a5d0593b2021-12-21 11:31:12.694root 11241100x8000000000000000536939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b793ec2099533322021-12-21 11:31:12.694root 11241100x8000000000000000536940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f071e29da6e46a4a2021-12-21 11:31:12.694root 11241100x8000000000000000536941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74b88aadcf1c6dc2021-12-21 11:31:12.694root 11241100x8000000000000000536942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f023cbfb91f42c62021-12-21 11:31:12.694root 11241100x8000000000000000536943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761760d696065a32021-12-21 11:31:12.694root 11241100x8000000000000000536944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4cb8c65ffaf45d2021-12-21 11:31:12.694root 11241100x8000000000000000536945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6024bb5ded29761a2021-12-21 11:31:12.694root 11241100x8000000000000000536946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf3f095ffb26ec22021-12-21 11:31:12.694root 11241100x8000000000000000536947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04788f6abc7be5ed2021-12-21 11:31:12.694root 11241100x8000000000000000536948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316cb431b6b6861d2021-12-21 11:31:12.695root 11241100x8000000000000000536949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230eb42149c669802021-12-21 11:31:12.695root 11241100x8000000000000000536950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bd744dc943d2a22021-12-21 11:31:12.695root 11241100x8000000000000000536951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbf04be9914141d2021-12-21 11:31:12.695root 11241100x8000000000000000536952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdca33d63aa69cf2021-12-21 11:31:13.193root 11241100x8000000000000000536953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0e0b62d12bc9f92021-12-21 11:31:13.193root 11241100x8000000000000000536954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5decd93e7c0730b02021-12-21 11:31:13.193root 11241100x8000000000000000536955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c557d9cd69e7b8c2021-12-21 11:31:13.193root 11241100x8000000000000000536956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa83c8b0166835132021-12-21 11:31:13.193root 11241100x8000000000000000536957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b392eee9a022102021-12-21 11:31:13.193root 11241100x8000000000000000536958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a862dc453f31487c2021-12-21 11:31:13.193root 11241100x8000000000000000536959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbe4e966e8b075f2021-12-21 11:31:13.193root 11241100x8000000000000000536960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ce5a9bfccbdd9b2021-12-21 11:31:13.193root 11241100x8000000000000000536961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e11bccc8b281622021-12-21 11:31:13.193root 11241100x8000000000000000536962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da350a1a66b9ecda2021-12-21 11:31:13.193root 11241100x8000000000000000536963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5deb9d1b9e00ed92021-12-21 11:31:13.193root 11241100x8000000000000000536964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0560e86459c0262021-12-21 11:31:13.193root 11241100x8000000000000000536965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bc7c279aac3d882021-12-21 11:31:13.193root 11241100x8000000000000000536966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed444aca954e0762021-12-21 11:31:13.193root 11241100x8000000000000000536967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c40a750dfde2242021-12-21 11:31:13.194root 11241100x8000000000000000536968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1047e61c6aa9e32021-12-21 11:31:13.194root 11241100x8000000000000000536969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2207d7ca71bcb5d2021-12-21 11:31:13.194root 11241100x8000000000000000536970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccdd7081ce7b6242021-12-21 11:31:13.194root 11241100x8000000000000000536971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ed9dce3c7ec0922021-12-21 11:31:13.194root 11241100x8000000000000000536972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916ea6774cbf2a9d2021-12-21 11:31:13.194root 11241100x8000000000000000536973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c43efa78693b712021-12-21 11:31:13.194root 11241100x8000000000000000536974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd511f71c676a22021-12-21 11:31:13.194root 11241100x8000000000000000536975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6d7d6bc596ec252021-12-21 11:31:13.194root 11241100x8000000000000000536976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4594ca3e3e7696e2021-12-21 11:31:13.194root 11241100x8000000000000000536977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c35d65ca3ddb3c2021-12-21 11:31:13.693root 11241100x8000000000000000536978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e45aa43df5751a72021-12-21 11:31:13.693root 11241100x8000000000000000536979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8429567dea1e6c012021-12-21 11:31:13.693root 11241100x8000000000000000536980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6563bce0eae99362021-12-21 11:31:13.693root 11241100x8000000000000000536981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843624ae2c81c8a12021-12-21 11:31:13.693root 11241100x8000000000000000536982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb977ddddd3771f2021-12-21 11:31:13.693root 11241100x8000000000000000536983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03600e7fcb958f52021-12-21 11:31:13.693root 11241100x8000000000000000536984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e0ac19a48664ed2021-12-21 11:31:13.693root 11241100x8000000000000000536985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d278b04e0033135d2021-12-21 11:31:13.693root 11241100x8000000000000000536986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd02db9ce6de04962021-12-21 11:31:13.693root 11241100x8000000000000000536987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d489b0d8f22dc862021-12-21 11:31:13.693root 11241100x8000000000000000536988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645df8e5405a9c802021-12-21 11:31:13.693root 11241100x8000000000000000536989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ad44b0f34ec7d02021-12-21 11:31:13.693root 11241100x8000000000000000536990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5a04d3b330bf4f2021-12-21 11:31:13.693root 11241100x8000000000000000536991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff31bca0800346442021-12-21 11:31:13.694root 11241100x8000000000000000536992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5556dd6b3a3e8f2021-12-21 11:31:13.694root 11241100x8000000000000000536993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d9a980aeebcd112021-12-21 11:31:13.694root 11241100x8000000000000000536994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afff4a6fda69e412021-12-21 11:31:13.694root 11241100x8000000000000000536995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19177b8cb6e73a752021-12-21 11:31:13.694root 11241100x8000000000000000536996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304a591c79fcbbf72021-12-21 11:31:13.694root 11241100x8000000000000000536997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cee388e72275b32021-12-21 11:31:13.694root 11241100x8000000000000000536998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1245d6036a8f11e2021-12-21 11:31:13.694root 11241100x8000000000000000536999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57a1b96d4293c692021-12-21 11:31:13.694root 11241100x8000000000000000537000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9eb342e3197b672021-12-21 11:31:13.694root 11241100x8000000000000000537001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4247661b469d0c2021-12-21 11:31:13.694root 11241100x8000000000000000537002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea76c633b74828ca2021-12-21 11:31:13.694root 11241100x8000000000000000537003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904f1053a31eb3f92021-12-21 11:31:14.193root 11241100x8000000000000000537004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b1efb0b2c686282021-12-21 11:31:14.193root 11241100x8000000000000000537005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d0bd91dec604512021-12-21 11:31:14.193root 11241100x8000000000000000537006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920c1da3b06304182021-12-21 11:31:14.193root 11241100x8000000000000000537007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ae35b1c87bbd342021-12-21 11:31:14.193root 11241100x8000000000000000537008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6190a3bde085e6962021-12-21 11:31:14.194root 11241100x8000000000000000537009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d30b46f42dc2892021-12-21 11:31:14.194root 11241100x8000000000000000537010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799045937c717ef02021-12-21 11:31:14.194root 11241100x8000000000000000537011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c7ab6134c3cf652021-12-21 11:31:14.194root 11241100x8000000000000000537012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3023787ac21e4fd2021-12-21 11:31:14.194root 11241100x8000000000000000537013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9cfd923356f0a72021-12-21 11:31:14.194root 11241100x8000000000000000537014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8067caf53595b32021-12-21 11:31:14.194root 11241100x8000000000000000537015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8f03b80867b1e2021-12-21 11:31:14.194root 11241100x8000000000000000537016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d954c399a4da742021-12-21 11:31:14.194root 11241100x8000000000000000537017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a006fcca6437022021-12-21 11:31:14.194root 11241100x8000000000000000537018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8f368fa5427af42021-12-21 11:31:14.194root 11241100x8000000000000000537019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414b7ad010c002ba2021-12-21 11:31:14.194root 11241100x8000000000000000537020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ae30cedeb217c62021-12-21 11:31:14.194root 11241100x8000000000000000537021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe6a06cda85ac4b2021-12-21 11:31:14.194root 11241100x8000000000000000537022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9c54d5cda3da5c2021-12-21 11:31:14.194root 11241100x8000000000000000537023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dcbc1a0110072f2021-12-21 11:31:14.194root 11241100x8000000000000000537024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac61a63f6435ac22021-12-21 11:31:14.195root 11241100x8000000000000000537025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d53af773014ca12021-12-21 11:31:14.195root 11241100x8000000000000000537026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a51eea70a932d222021-12-21 11:31:14.699root 11241100x8000000000000000537027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f65bb98484bd5a2021-12-21 11:31:14.699root 11241100x8000000000000000537028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f5285e00903a052021-12-21 11:31:14.699root 11241100x8000000000000000537029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e116fc00f0b77842021-12-21 11:31:14.699root 11241100x8000000000000000537030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5e2f0650fff7072021-12-21 11:31:14.699root 11241100x8000000000000000537031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dce6e38c70da402021-12-21 11:31:14.699root 11241100x8000000000000000537032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59341fab582ea9082021-12-21 11:31:14.699root 11241100x8000000000000000537033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efb451d024226912021-12-21 11:31:14.699root 11241100x8000000000000000537034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98cc6901ec026692021-12-21 11:31:14.699root 11241100x8000000000000000537035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1424c90aad9c4c2021-12-21 11:31:14.699root 11241100x8000000000000000537036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def73ee524ac16432021-12-21 11:31:14.699root 11241100x8000000000000000537037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df065999aa583a422021-12-21 11:31:14.699root 11241100x8000000000000000537038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4572fbeb81e670482021-12-21 11:31:14.700root 11241100x8000000000000000537039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994b82b7844304cc2021-12-21 11:31:14.700root 11241100x8000000000000000537040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9193f68651625a342021-12-21 11:31:14.700root 11241100x8000000000000000537041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7285544695462bb02021-12-21 11:31:14.700root 11241100x8000000000000000537042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef589dea9488cdca2021-12-21 11:31:14.700root 11241100x8000000000000000537043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f67a684deb752512021-12-21 11:31:14.700root 11241100x8000000000000000537044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dba96bdb7303d062021-12-21 11:31:14.700root 11241100x8000000000000000537045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cf5c621d3d002e2021-12-21 11:31:14.700root 11241100x8000000000000000537046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119d3ed3202d6fc52021-12-21 11:31:14.700root 11241100x8000000000000000537047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c5d8cd6af7568d2021-12-21 11:31:14.700root 11241100x8000000000000000537048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:14.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf75c5c3cd1ea0a52021-12-21 11:31:14.701root 11241100x8000000000000000537049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ce6194cfcf335d2021-12-21 11:31:15.193root 11241100x8000000000000000537050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a92a0b452e7eca02021-12-21 11:31:15.193root 11241100x8000000000000000537051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e386b027653d5ee2021-12-21 11:31:15.193root 11241100x8000000000000000537052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574441891ababcec2021-12-21 11:31:15.193root 11241100x8000000000000000537053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32cf29b75c20bb02021-12-21 11:31:15.193root 11241100x8000000000000000537054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f808a798a59dd9102021-12-21 11:31:15.193root 11241100x8000000000000000537055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86f1be1f39ec4fd2021-12-21 11:31:15.194root 11241100x8000000000000000537056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f2820d5418d4a72021-12-21 11:31:15.194root 11241100x8000000000000000537057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958a7eab075f71aa2021-12-21 11:31:15.194root 11241100x8000000000000000537058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ae593511f625072021-12-21 11:31:15.194root 11241100x8000000000000000537059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a360980b10c43b442021-12-21 11:31:15.194root 11241100x8000000000000000537060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a465aac7da6120d2021-12-21 11:31:15.194root 11241100x8000000000000000537061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4698737ab25f9cff2021-12-21 11:31:15.194root 11241100x8000000000000000537062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1865dbfe6e60d2c82021-12-21 11:31:15.194root 11241100x8000000000000000537063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12ab3a536aa46a02021-12-21 11:31:15.194root 11241100x8000000000000000537064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6d05b87f30e8ab2021-12-21 11:31:15.195root 11241100x8000000000000000537065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aa2447f78741872021-12-21 11:31:15.195root 11241100x8000000000000000537066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa77d8419569fce32021-12-21 11:31:15.195root 11241100x8000000000000000537067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ccda63ce8892f52021-12-21 11:31:15.195root 11241100x8000000000000000537068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f31c29360670e3f2021-12-21 11:31:15.195root 11241100x8000000000000000537069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd74135a267dba442021-12-21 11:31:15.195root 11241100x8000000000000000537070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc042624e552ba3f2021-12-21 11:31:15.195root 11241100x8000000000000000537071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e4f6801eee50802021-12-21 11:31:15.195root 11241100x8000000000000000537072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d6b33c6e7076402021-12-21 11:31:15.693root 11241100x8000000000000000537073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140f1e31abc4f3cf2021-12-21 11:31:15.693root 11241100x8000000000000000537074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a6a3ae56b1fd722021-12-21 11:31:15.693root 11241100x8000000000000000537075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a449091b7acc5f2021-12-21 11:31:15.693root 11241100x8000000000000000537076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974fca0001e24ed72021-12-21 11:31:15.693root 11241100x8000000000000000537077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b834eade6c676f92021-12-21 11:31:15.693root 11241100x8000000000000000537078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0ff295c1a42f8a2021-12-21 11:31:15.693root 11241100x8000000000000000537079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971305b0ca2402072021-12-21 11:31:15.693root 11241100x8000000000000000537080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe71f8c0253c402021-12-21 11:31:15.693root 11241100x8000000000000000537081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93edf23532df8872021-12-21 11:31:15.694root 11241100x8000000000000000537082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847feb078c3724572021-12-21 11:31:15.694root 11241100x8000000000000000537083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e758fb3493bc5c772021-12-21 11:31:15.694root 11241100x8000000000000000537084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb99269eb7baf2ae2021-12-21 11:31:15.694root 11241100x8000000000000000537085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af82a95c098c8d02021-12-21 11:31:15.694root 11241100x8000000000000000537086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca6905d733c671f2021-12-21 11:31:15.694root 11241100x8000000000000000537087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e07e36fe552a8ba2021-12-21 11:31:15.694root 11241100x8000000000000000537088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15ffd8edaa8722e2021-12-21 11:31:15.694root 11241100x8000000000000000537089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101936015a61cdf12021-12-21 11:31:15.694root 11241100x8000000000000000537090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1bce5fdf7ea7362021-12-21 11:31:15.694root 11241100x8000000000000000537091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77913b64e0253c362021-12-21 11:31:15.694root 11241100x8000000000000000537092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a22e73595f41142021-12-21 11:31:15.694root 11241100x8000000000000000537093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47779ca7297fc19b2021-12-21 11:31:15.695root 11241100x8000000000000000537094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eda8e1356d659b2021-12-21 11:31:15.695root 354300x8000000000000000537095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.140{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48656-false10.0.1.12-8000- 11241100x8000000000000000537096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65de5444f6b576012021-12-21 11:31:16.142root 11241100x8000000000000000537097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33877b24f7a06d0e2021-12-21 11:31:16.142root 11241100x8000000000000000537098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09eacb81e6d83482021-12-21 11:31:16.142root 11241100x8000000000000000537099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c5771b4e4e6e4b2021-12-21 11:31:16.142root 11241100x8000000000000000537100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4002727fc0740cc72021-12-21 11:31:16.142root 11241100x8000000000000000537101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7953b39a8a13c02021-12-21 11:31:16.142root 11241100x8000000000000000537102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f9ab821e03e0682021-12-21 11:31:16.142root 11241100x8000000000000000537103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe31e536c5da5162021-12-21 11:31:16.142root 11241100x8000000000000000537104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ece128014baba42021-12-21 11:31:16.142root 11241100x8000000000000000537105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170fda6c698171772021-12-21 11:31:16.142root 11241100x8000000000000000537106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e11e917abea90032021-12-21 11:31:16.142root 11241100x8000000000000000537107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38791aa0d90b1cd22021-12-21 11:31:16.143root 11241100x8000000000000000537108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfc1a1fa14ef2182021-12-21 11:31:16.143root 11241100x8000000000000000537109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eaf2f34b7c56982021-12-21 11:31:16.143root 11241100x8000000000000000537110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c98cae78847cb0c2021-12-21 11:31:16.143root 11241100x8000000000000000537111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd100dc77879d7a2021-12-21 11:31:16.143root 11241100x8000000000000000537112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e59619da18996532021-12-21 11:31:16.143root 11241100x8000000000000000537113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e19a202ff8e53e2021-12-21 11:31:16.143root 11241100x8000000000000000537114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc79d37f25682d2021-12-21 11:31:16.144root 11241100x8000000000000000537115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6279beee5105522021-12-21 11:31:16.144root 11241100x8000000000000000537116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c99e06fc8d2f8a02021-12-21 11:31:16.144root 11241100x8000000000000000537117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6e3c12855cfe632021-12-21 11:31:16.144root 11241100x8000000000000000537118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341a49aa0abe809c2021-12-21 11:31:16.144root 11241100x8000000000000000537119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c61b3955ef522172021-12-21 11:31:16.144root 11241100x8000000000000000537120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299ce184a2ccaf242021-12-21 11:31:16.443root 11241100x8000000000000000537121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a97f92d9a743082021-12-21 11:31:16.443root 11241100x8000000000000000537122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035075d53dd877632021-12-21 11:31:16.443root 11241100x8000000000000000537123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cf090a3f00e0ff2021-12-21 11:31:16.444root 11241100x8000000000000000537124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9d0eeff715131c2021-12-21 11:31:16.444root 11241100x8000000000000000537125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e3eaf5b19bd0502021-12-21 11:31:16.444root 11241100x8000000000000000537126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa649824015e91312021-12-21 11:31:16.444root 11241100x8000000000000000537127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ed022e713f8a4e2021-12-21 11:31:16.444root 11241100x8000000000000000537128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf1ed39986afe1a2021-12-21 11:31:16.445root 11241100x8000000000000000537129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0b78f9c06c93cd2021-12-21 11:31:16.445root 11241100x8000000000000000537130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81dfa089ac1367e2021-12-21 11:31:16.445root 11241100x8000000000000000537131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dca2e37783a63072021-12-21 11:31:16.445root 11241100x8000000000000000537132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c99ca8e3a6107f2021-12-21 11:31:16.445root 11241100x8000000000000000537133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83733deda5d9ae32021-12-21 11:31:16.445root 11241100x8000000000000000537134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24d8dd1ddbd2bf62021-12-21 11:31:16.445root 11241100x8000000000000000537135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edf700f9d117d4d2021-12-21 11:31:16.445root 11241100x8000000000000000537136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0ea4670ac86b3e2021-12-21 11:31:16.445root 11241100x8000000000000000537137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ee9decc65098202021-12-21 11:31:16.445root 11241100x8000000000000000537138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeffa6dce5d2d602021-12-21 11:31:16.446root 11241100x8000000000000000537139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ce290b86775c0c2021-12-21 11:31:16.446root 11241100x8000000000000000537140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e70eba95b60f8782021-12-21 11:31:16.446root 11241100x8000000000000000537141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e865801083457b2021-12-21 11:31:16.446root 11241100x8000000000000000537142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197f4fa23c4fed162021-12-21 11:31:16.446root 11241100x8000000000000000537143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3605e10ef029f98c2021-12-21 11:31:16.446root 11241100x8000000000000000537144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6d8eddce8d81092021-12-21 11:31:16.943root 11241100x8000000000000000537145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de67af5e562fac2021-12-21 11:31:16.943root 11241100x8000000000000000537146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c790c41d9dbf5892021-12-21 11:31:16.944root 11241100x8000000000000000537147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fe6b1840a026782021-12-21 11:31:16.944root 11241100x8000000000000000537148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17738df43b2466fc2021-12-21 11:31:16.944root 11241100x8000000000000000537149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb63ee847faec392021-12-21 11:31:16.944root 11241100x8000000000000000537150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c867e32956f0102021-12-21 11:31:16.944root 11241100x8000000000000000537151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704100d5231230512021-12-21 11:31:16.944root 11241100x8000000000000000537152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0233b756b24a2782021-12-21 11:31:16.944root 11241100x8000000000000000537153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da0f93d5786c9632021-12-21 11:31:16.944root 11241100x8000000000000000537154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719c2385959f07032021-12-21 11:31:16.944root 11241100x8000000000000000537155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba15dc21d35c362021-12-21 11:31:16.944root 11241100x8000000000000000537156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f54d2b10e111f32021-12-21 11:31:16.944root 11241100x8000000000000000537157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc30da299ad611f92021-12-21 11:31:16.945root 11241100x8000000000000000537158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a203b0ade3400daa2021-12-21 11:31:16.945root 11241100x8000000000000000537159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab8e86ae40b010c2021-12-21 11:31:16.945root 11241100x8000000000000000537160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519712a8eaee08112021-12-21 11:31:16.945root 11241100x8000000000000000537161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fcd1a20d4376c72021-12-21 11:31:16.946root 11241100x8000000000000000537162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a595895aa9bda1d2021-12-21 11:31:16.946root 11241100x8000000000000000537163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68df4ad95a159ee72021-12-21 11:31:16.946root 11241100x8000000000000000537164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb25c8a2a4415762021-12-21 11:31:16.946root 11241100x8000000000000000537165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31d97490e3b7c502021-12-21 11:31:16.946root 11241100x8000000000000000537166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2116e81c1a8e812021-12-21 11:31:16.946root 11241100x8000000000000000537167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944dd6d05ac3d9f52021-12-21 11:31:16.946root 11241100x8000000000000000537168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e3d8b6086783842021-12-21 11:31:17.443root 11241100x8000000000000000537169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e37a3dc01fe22672021-12-21 11:31:17.443root 11241100x8000000000000000537170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e54cf8e4421770e2021-12-21 11:31:17.443root 11241100x8000000000000000537171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66844f64b5e1802021-12-21 11:31:17.443root 11241100x8000000000000000537172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b3225c18907732021-12-21 11:31:17.443root 11241100x8000000000000000537173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b45c66bcc76888f2021-12-21 11:31:17.443root 11241100x8000000000000000537174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbcc496c024eb382021-12-21 11:31:17.443root 11241100x8000000000000000537175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fd021c86228c3c2021-12-21 11:31:17.444root 11241100x8000000000000000537176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60db9fa4a57349be2021-12-21 11:31:17.444root 11241100x8000000000000000537177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f129ee2d2caa36b2021-12-21 11:31:17.444root 11241100x8000000000000000537178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9719e7da50f31f2021-12-21 11:31:17.444root 11241100x8000000000000000537179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687b82a68ef5eb6c2021-12-21 11:31:17.444root 11241100x8000000000000000537180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2b5c70c1a09b4a2021-12-21 11:31:17.444root 11241100x8000000000000000537181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f23555331769572021-12-21 11:31:17.444root 11241100x8000000000000000537182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2151c961ee4799492021-12-21 11:31:17.444root 11241100x8000000000000000537183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7909ef8ea592d92021-12-21 11:31:17.444root 11241100x8000000000000000537184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e9c40fdde690722021-12-21 11:31:17.444root 11241100x8000000000000000537185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2933ced68e8015752021-12-21 11:31:17.444root 11241100x8000000000000000537186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e6f219b44b40f92021-12-21 11:31:17.445root 11241100x8000000000000000537187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a0ccaca41395c72021-12-21 11:31:17.445root 11241100x8000000000000000537188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7065bdb56d203012021-12-21 11:31:17.445root 11241100x8000000000000000537189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4c421d0e1d42c52021-12-21 11:31:17.445root 11241100x8000000000000000537190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8848253d819303912021-12-21 11:31:17.445root 11241100x8000000000000000537191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373aa032bbcabe362021-12-21 11:31:17.445root 11241100x8000000000000000537192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a638a63053a75622021-12-21 11:31:17.942root 11241100x8000000000000000537193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b183cd2e0a6b7c2021-12-21 11:31:17.943root 11241100x8000000000000000537194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d9f6531881adb02021-12-21 11:31:17.943root 11241100x8000000000000000537195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5297c57e64868ac72021-12-21 11:31:17.943root 11241100x8000000000000000537196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55a1c1ccf5327eb2021-12-21 11:31:17.943root 11241100x8000000000000000537197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e18ad47b4aa57942021-12-21 11:31:17.943root 11241100x8000000000000000537198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac90fe27545c8d202021-12-21 11:31:17.943root 11241100x8000000000000000537199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e4cb300d0fea5d2021-12-21 11:31:17.943root 11241100x8000000000000000537200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae4788d468707f32021-12-21 11:31:17.943root 11241100x8000000000000000537201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701f4977cfac36cd2021-12-21 11:31:17.943root 11241100x8000000000000000537202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666cec34a47cd97c2021-12-21 11:31:17.943root 11241100x8000000000000000537203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff20df4a7eabe5fc2021-12-21 11:31:17.943root 11241100x8000000000000000537204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632b0e7f841efb7e2021-12-21 11:31:17.943root 11241100x8000000000000000537205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a4f0072f5060a62021-12-21 11:31:17.943root 11241100x8000000000000000537206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f988f7bdf02392021-12-21 11:31:17.944root 11241100x8000000000000000537207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2e3074921bb6ed2021-12-21 11:31:17.944root 11241100x8000000000000000537208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47abff3ee6e78aae2021-12-21 11:31:17.944root 11241100x8000000000000000537209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5002e4c984add1c52021-12-21 11:31:17.944root 11241100x8000000000000000537210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8c67b246192d3e2021-12-21 11:31:17.944root 11241100x8000000000000000537211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc6d85f2eb01e0d2021-12-21 11:31:17.944root 11241100x8000000000000000537212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a498f2907271da92021-12-21 11:31:17.944root 11241100x8000000000000000537213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9a186eb523d782021-12-21 11:31:17.944root 11241100x8000000000000000537214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ae2442e33d798a2021-12-21 11:31:17.945root 11241100x8000000000000000537215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3db65cd6f5e352021-12-21 11:31:17.945root 11241100x8000000000000000537216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcba61fbc86cd432021-12-21 11:31:17.945root 11241100x8000000000000000537217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cfb4808f46153d2021-12-21 11:31:18.443root 11241100x8000000000000000537218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43c52d537f4d91a2021-12-21 11:31:18.443root 11241100x8000000000000000537219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0fcd9cca34f4992021-12-21 11:31:18.443root 11241100x8000000000000000537220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2221f79ea733212021-12-21 11:31:18.444root 11241100x8000000000000000537221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1031b09adcef71a02021-12-21 11:31:18.444root 11241100x8000000000000000537222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a18de4bef359932021-12-21 11:31:18.444root 11241100x8000000000000000537223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2143dd2893470e92021-12-21 11:31:18.444root 11241100x8000000000000000537224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43177e3348a92aa62021-12-21 11:31:18.444root 11241100x8000000000000000537225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68835b812e81fa882021-12-21 11:31:18.444root 11241100x8000000000000000537226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51692706af12e2222021-12-21 11:31:18.444root 11241100x8000000000000000537227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c8aacf18c367762021-12-21 11:31:18.444root 11241100x8000000000000000537228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e212dc933bc2552021-12-21 11:31:18.444root 11241100x8000000000000000537229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b6b3e5b4b6c5f82021-12-21 11:31:18.444root 11241100x8000000000000000537230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b48d425b83ae9e92021-12-21 11:31:18.445root 11241100x8000000000000000537231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89708eae5bfc18ce2021-12-21 11:31:18.445root 11241100x8000000000000000537232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902e49776673e7de2021-12-21 11:31:18.445root 11241100x8000000000000000537233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9565a2b7c1ca050c2021-12-21 11:31:18.445root 11241100x8000000000000000537234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eb84037c5ae0172021-12-21 11:31:18.446root 11241100x8000000000000000537235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da9e835af178cd12021-12-21 11:31:18.446root 11241100x8000000000000000537236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21135f9998f20ac2021-12-21 11:31:18.446root 11241100x8000000000000000537237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5988c04886537f4f2021-12-21 11:31:18.446root 11241100x8000000000000000537238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6403597b30d2ab2021-12-21 11:31:18.446root 11241100x8000000000000000537239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cc564eb50aa00c2021-12-21 11:31:18.447root 11241100x8000000000000000537240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f25261a1c5fb152021-12-21 11:31:18.447root 11241100x8000000000000000537241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b81b66dc3f53ea2021-12-21 11:31:18.943root 11241100x8000000000000000537242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1cb2666ccc50402021-12-21 11:31:18.943root 11241100x8000000000000000537243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd9d879ae9b8f762021-12-21 11:31:18.943root 11241100x8000000000000000537244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed357e5aaf520bb2021-12-21 11:31:18.943root 11241100x8000000000000000537245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318c610f230ecfed2021-12-21 11:31:18.943root 11241100x8000000000000000537246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e82257849ed9aa2021-12-21 11:31:18.944root 11241100x8000000000000000537247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a38aea88fa72462021-12-21 11:31:18.944root 11241100x8000000000000000537248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee621d693f247b432021-12-21 11:31:18.944root 11241100x8000000000000000537249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2089fffd21c73d32021-12-21 11:31:18.944root 11241100x8000000000000000537250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39b3cd7ff77ba012021-12-21 11:31:18.944root 11241100x8000000000000000537251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbecc47edd30de7e2021-12-21 11:31:18.944root 11241100x8000000000000000537252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d8cce114cc43d02021-12-21 11:31:18.944root 11241100x8000000000000000537253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86d61962f04f98c2021-12-21 11:31:18.944root 11241100x8000000000000000537254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946f048dcdbc8c042021-12-21 11:31:18.944root 11241100x8000000000000000537255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cba1c656f739ce2021-12-21 11:31:18.944root 11241100x8000000000000000537256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09317b910723ca92021-12-21 11:31:18.944root 11241100x8000000000000000537257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacec7f3235027732021-12-21 11:31:18.944root 11241100x8000000000000000537258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0e92ea249f02322021-12-21 11:31:18.945root 11241100x8000000000000000537259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c93f84cef7a8582021-12-21 11:31:18.946root 11241100x8000000000000000537260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b678b099055dd5f2021-12-21 11:31:18.946root 11241100x8000000000000000537261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bf0f9153fcd72b2021-12-21 11:31:18.946root 11241100x8000000000000000537262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781a20da6ed3e27c2021-12-21 11:31:18.946root 11241100x8000000000000000537263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800a7e6f823403b92021-12-21 11:31:18.946root 11241100x8000000000000000537264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe4be2d9a25533d2021-12-21 11:31:18.946root 11241100x8000000000000000537265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2b30f0fd5163df2021-12-21 11:31:18.946root 11241100x8000000000000000537266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85dc55323e83edf2021-12-21 11:31:18.947root 11241100x8000000000000000537267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25ef53073e30b092021-12-21 11:31:18.947root 11241100x8000000000000000537268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678112b4acabf6d42021-12-21 11:31:18.947root 11241100x8000000000000000537269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0933c95b3896412021-12-21 11:31:18.947root 11241100x8000000000000000537270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deb18d3f4ff820b2021-12-21 11:31:18.947root 11241100x8000000000000000537271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50886f3d8b711e162021-12-21 11:31:18.947root 11241100x8000000000000000537272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb2ee120c68f71b2021-12-21 11:31:18.947root 11241100x8000000000000000537273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7255b9538f1d81e2021-12-21 11:31:18.947root 11241100x8000000000000000537274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525691201fbe25b72021-12-21 11:31:18.948root 11241100x8000000000000000537275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39f2e581d10ea972021-12-21 11:31:19.443root 11241100x8000000000000000537276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6d027186711eb12021-12-21 11:31:19.443root 11241100x8000000000000000537277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80017f449cbc89df2021-12-21 11:31:19.443root 11241100x8000000000000000537278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64fa9d88a89724b2021-12-21 11:31:19.443root 11241100x8000000000000000537279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94392ac63c19d782021-12-21 11:31:19.443root 11241100x8000000000000000537280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f95ef88f0ac0fb2021-12-21 11:31:19.443root 11241100x8000000000000000537281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad7dd1cbdc298082021-12-21 11:31:19.443root 11241100x8000000000000000537282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbb249baf489dd42021-12-21 11:31:19.444root 11241100x8000000000000000537283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eee054b608de672021-12-21 11:31:19.444root 11241100x8000000000000000537284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2314c0562d35682021-12-21 11:31:19.444root 11241100x8000000000000000537285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3da50d192fb19ed2021-12-21 11:31:19.444root 11241100x8000000000000000537286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46a6cd64c5e5aaf2021-12-21 11:31:19.444root 11241100x8000000000000000537287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e4009ed83615b82021-12-21 11:31:19.444root 11241100x8000000000000000537288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2af59f0ac3754e2021-12-21 11:31:19.444root 11241100x8000000000000000537289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cba791052a4513a2021-12-21 11:31:19.444root 11241100x8000000000000000537290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f0891a3ecd5c492021-12-21 11:31:19.444root 11241100x8000000000000000537291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7f2c8b39f4ef692021-12-21 11:31:19.444root 11241100x8000000000000000537292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5525bc3338f2af032021-12-21 11:31:19.444root 11241100x8000000000000000537293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c368623b0f39622021-12-21 11:31:19.444root 11241100x8000000000000000537294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aa756f1a2b59a22021-12-21 11:31:19.444root 11241100x8000000000000000537295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4da7b42c2ff97ab2021-12-21 11:31:19.444root 11241100x8000000000000000537296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dc99ef80b43e5c2021-12-21 11:31:19.445root 11241100x8000000000000000537297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1733ac1738980d4d2021-12-21 11:31:19.445root 11241100x8000000000000000537298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49eeda650c175212021-12-21 11:31:19.445root 11241100x8000000000000000537299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd08e4c47b934df02021-12-21 11:31:19.943root 11241100x8000000000000000537300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bebab8f2a9182d2021-12-21 11:31:19.943root 11241100x8000000000000000537301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0fe599116707b62021-12-21 11:31:19.943root 11241100x8000000000000000537302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f19de8956da7f52021-12-21 11:31:19.943root 11241100x8000000000000000537303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167dfcc784273e2f2021-12-21 11:31:19.943root 11241100x8000000000000000537304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33aa98e8f4e3c4e2021-12-21 11:31:19.943root 11241100x8000000000000000537305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b007f566a1954e2021-12-21 11:31:19.943root 11241100x8000000000000000537306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5533186f27044ccd2021-12-21 11:31:19.944root 11241100x8000000000000000537307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647fd49c2094b9342021-12-21 11:31:19.944root 11241100x8000000000000000537308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009074a27d11ae542021-12-21 11:31:19.944root 11241100x8000000000000000537309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6ffaa2174ac5442021-12-21 11:31:19.944root 11241100x8000000000000000537310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fe377109ca7f7b2021-12-21 11:31:19.944root 11241100x8000000000000000537311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9d71ea66f86b6c2021-12-21 11:31:19.944root 11241100x8000000000000000537312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1cb74875b703682021-12-21 11:31:19.944root 11241100x8000000000000000537313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fceda4209b4bc62021-12-21 11:31:19.944root 11241100x8000000000000000537314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35221a10ed544e332021-12-21 11:31:19.944root 11241100x8000000000000000537315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aacbe90b7c7d28b2021-12-21 11:31:19.944root 11241100x8000000000000000537316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00ed3c1fe6d509d2021-12-21 11:31:19.944root 11241100x8000000000000000537317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3ca01fda6ddd172021-12-21 11:31:19.944root 11241100x8000000000000000537318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb39f9d249481e2021-12-21 11:31:19.944root 11241100x8000000000000000537319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b24a47cc8a37f42021-12-21 11:31:19.944root 11241100x8000000000000000537320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfbed992d1b88332021-12-21 11:31:19.944root 11241100x8000000000000000537321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5bd1a19797fde32021-12-21 11:31:19.944root 11241100x8000000000000000537322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2293f28a7375e82021-12-21 11:31:19.945root 11241100x8000000000000000537323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf991d7d92e02092021-12-21 11:31:19.945root 11241100x8000000000000000537324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d4b0cafe298fdd2021-12-21 11:31:19.945root 11241100x8000000000000000537325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4649d864ca291b42021-12-21 11:31:19.945root 11241100x8000000000000000537326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a3641b1e1138db2021-12-21 11:31:19.945root 11241100x8000000000000000537327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378f91ae5bd138e82021-12-21 11:31:19.945root 11241100x8000000000000000537328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562f0e07ffc86e112021-12-21 11:31:19.945root 154100x8000000000000000537329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.946{ec2b6afe-bb07-61c1-68e4-9a6690550000}9882/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000537330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:19.958{ec2b6afe-bb07-61c1-68e4-9a6690550000}9882/bin/psroot 11241100x8000000000000000537331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ab1d9e48774e6b2021-12-21 11:31:20.443root 11241100x8000000000000000537332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f55e1376299d9b72021-12-21 11:31:20.443root 11241100x8000000000000000537333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1af1b4a13527d62021-12-21 11:31:20.443root 11241100x8000000000000000537334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b1e2d482b3c4e12021-12-21 11:31:20.443root 11241100x8000000000000000537335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306f1c0a8fdef8e2021-12-21 11:31:20.444root 11241100x8000000000000000537336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6537b2fa2f042e6e2021-12-21 11:31:20.444root 11241100x8000000000000000537337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb7d989013320fd2021-12-21 11:31:20.444root 11241100x8000000000000000537338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c741b3d0129ce59c2021-12-21 11:31:20.444root 11241100x8000000000000000537339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946d358cf66580342021-12-21 11:31:20.444root 11241100x8000000000000000537340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36928392686d2efc2021-12-21 11:31:20.444root 11241100x8000000000000000537341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb00cf8f1f527212021-12-21 11:31:20.444root 11241100x8000000000000000537342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c98f71491ebec02021-12-21 11:31:20.444root 11241100x8000000000000000537343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7a459ef906fcef2021-12-21 11:31:20.444root 11241100x8000000000000000537344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d8fa28a4501da2021-12-21 11:31:20.444root 11241100x8000000000000000537345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57daab704ae5a03b2021-12-21 11:31:20.444root 11241100x8000000000000000537346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cc8ee328bdd3d32021-12-21 11:31:20.444root 11241100x8000000000000000537347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd2a8a61fffc12b2021-12-21 11:31:20.444root 11241100x8000000000000000537348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7572f001998fdb52021-12-21 11:31:20.444root 11241100x8000000000000000537349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a586a5786be3f2742021-12-21 11:31:20.444root 11241100x8000000000000000537350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c6473aa55d76372021-12-21 11:31:20.445root 11241100x8000000000000000537351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed3bdae33c763f22021-12-21 11:31:20.445root 11241100x8000000000000000537352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5989e6dd92edb02021-12-21 11:31:20.445root 11241100x8000000000000000537353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec26655c61cce102021-12-21 11:31:20.445root 11241100x8000000000000000537354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d354adb66650548f2021-12-21 11:31:20.445root 11241100x8000000000000000537355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba74a3bbebafcae82021-12-21 11:31:20.445root 11241100x8000000000000000537356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c44c45d08251fe92021-12-21 11:31:20.445root 11241100x8000000000000000537357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb84443dd5f927e2021-12-21 11:31:20.943root 11241100x8000000000000000537358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fa9367dc2a32782021-12-21 11:31:20.943root 11241100x8000000000000000537359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d27520b7001bc8b2021-12-21 11:31:20.943root 11241100x8000000000000000537360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a91f8091fde84d2021-12-21 11:31:20.943root 11241100x8000000000000000537361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ff2d08ff52f6022021-12-21 11:31:20.943root 11241100x8000000000000000537362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422b9d7bbc84cfea2021-12-21 11:31:20.943root 11241100x8000000000000000537363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc22d5e7eb88fad2021-12-21 11:31:20.943root 11241100x8000000000000000537364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7017ff4ea50b88b2021-12-21 11:31:20.943root 11241100x8000000000000000537365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b31c1d6f2d34f852021-12-21 11:31:20.943root 11241100x8000000000000000537366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f92e6c6644ca802021-12-21 11:31:20.944root 11241100x8000000000000000537367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f7e336492aae082021-12-21 11:31:20.944root 11241100x8000000000000000537368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb82348a59889b52021-12-21 11:31:20.944root 11241100x8000000000000000537369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d185ea727d2aa0462021-12-21 11:31:20.944root 11241100x8000000000000000537370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f280e47e4989c7c2021-12-21 11:31:20.944root 11241100x8000000000000000537371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d08e95b029c2ea2021-12-21 11:31:20.944root 11241100x8000000000000000537372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01868403903e6912021-12-21 11:31:20.944root 11241100x8000000000000000537373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c34b04da1a0ea92021-12-21 11:31:20.944root 11241100x8000000000000000537374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c13c13bea9cc8e2021-12-21 11:31:20.944root 11241100x8000000000000000537375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3949187677786a6f2021-12-21 11:31:20.945root 11241100x8000000000000000537376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b16328ac3cdad0a2021-12-21 11:31:20.945root 11241100x8000000000000000537377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370cae8db46c606d2021-12-21 11:31:20.945root 11241100x8000000000000000537378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246a5bedea03d81f2021-12-21 11:31:20.945root 11241100x8000000000000000537379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f386a303c5542eb2021-12-21 11:31:20.946root 11241100x8000000000000000537380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca645bd8adcf75f2021-12-21 11:31:20.946root 11241100x8000000000000000537381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a0a45b6425445d2021-12-21 11:31:20.946root 11241100x8000000000000000537382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2965b7b02ff196ff2021-12-21 11:31:20.946root 11241100x8000000000000000537383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cff3a03bcd85a12021-12-21 11:31:20.946root 11241100x8000000000000000537384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fbd75a48363e362021-12-21 11:31:20.946root 354300x8000000000000000537385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.222{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48658-false10.0.1.12-8000- 11241100x8000000000000000537386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cb15197fdd54282021-12-21 11:31:21.223root 11241100x8000000000000000537387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deac855272da1aae2021-12-21 11:31:21.223root 11241100x8000000000000000537388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1b6e2ae9b7a7e82021-12-21 11:31:21.223root 11241100x8000000000000000537389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc76a5952dc82abf2021-12-21 11:31:21.223root 11241100x8000000000000000537390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb6cab4272bc2232021-12-21 11:31:21.223root 11241100x8000000000000000537391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b852d63a70c7c9a2021-12-21 11:31:21.223root 11241100x8000000000000000537392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cb2d2644e1292c2021-12-21 11:31:21.223root 11241100x8000000000000000537393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be059ad0dd219582021-12-21 11:31:21.223root 11241100x8000000000000000537394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7209e3f9821535c2021-12-21 11:31:21.223root 11241100x8000000000000000537395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5edc7845786dd782021-12-21 11:31:21.224root 11241100x8000000000000000537396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51ac902aa361ca42021-12-21 11:31:21.224root 11241100x8000000000000000537397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd403aec631b76ba2021-12-21 11:31:21.224root 11241100x8000000000000000537398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4889f6708e3993302021-12-21 11:31:21.224root 11241100x8000000000000000537399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f55aadf5679ff182021-12-21 11:31:21.224root 11241100x8000000000000000537400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa68c53241c1ad9b2021-12-21 11:31:21.224root 11241100x8000000000000000537401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd5f6ab66e8c8772021-12-21 11:31:21.224root 11241100x8000000000000000537402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699769b6b029c742021-12-21 11:31:21.224root 11241100x8000000000000000537403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ad75f13fc64702021-12-21 11:31:21.224root 11241100x8000000000000000537404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4162433d8d18242021-12-21 11:31:21.224root 11241100x8000000000000000537405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1322b325081789222021-12-21 11:31:21.225root 11241100x8000000000000000537406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b85ba00a54b5a2021-12-21 11:31:21.225root 11241100x8000000000000000537407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9790250f18bfaea32021-12-21 11:31:21.225root 11241100x8000000000000000537408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9696fa244e3fad042021-12-21 11:31:21.225root 11241100x8000000000000000537409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d81eb433a0d852021-12-21 11:31:21.225root 11241100x8000000000000000537410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91484118d4a42622021-12-21 11:31:21.225root 11241100x8000000000000000537411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde52056bd8a3dfc2021-12-21 11:31:21.225root 11241100x8000000000000000537412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46ed5f971e3cada2021-12-21 11:31:21.225root 11241100x8000000000000000537413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0279e0a785f5c62021-12-21 11:31:21.225root 11241100x8000000000000000537414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631848748730ded42021-12-21 11:31:21.225root 11241100x8000000000000000537415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c66d21475a8176f2021-12-21 11:31:21.225root 11241100x8000000000000000537416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bb8d807f29e27d2021-12-21 11:31:21.225root 11241100x8000000000000000537417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3dbb42e820c7e72021-12-21 11:31:21.226root 11241100x8000000000000000537418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac7b5f3c76345092021-12-21 11:31:21.226root 11241100x8000000000000000537419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11a09a53da0b4112021-12-21 11:31:21.226root 11241100x8000000000000000537420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67284903794a05fa2021-12-21 11:31:21.226root 11241100x8000000000000000537421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cd05ab6566499b2021-12-21 11:31:21.226root 11241100x8000000000000000537422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197f3d3ed9ce0c2f2021-12-21 11:31:21.226root 11241100x8000000000000000537423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c498a310fdc7662021-12-21 11:31:21.226root 11241100x8000000000000000537424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5584e48e81da6972021-12-21 11:31:21.226root 11241100x8000000000000000537425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef45b5fe817c64f2021-12-21 11:31:21.226root 11241100x8000000000000000537426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85746ee0ccd443032021-12-21 11:31:21.693root 11241100x8000000000000000537427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f043e0d989938a2021-12-21 11:31:21.693root 11241100x8000000000000000537428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da39d31bf741e9c2021-12-21 11:31:21.693root 11241100x8000000000000000537429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5afde3801c108e2021-12-21 11:31:21.694root 11241100x8000000000000000537430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64e3a00a3f7fb0a2021-12-21 11:31:21.694root 11241100x8000000000000000537431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a514c3698f4d2502021-12-21 11:31:21.694root 11241100x8000000000000000537432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95f1e9443ffff832021-12-21 11:31:21.694root 11241100x8000000000000000537433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efaf61ec90ac1f62021-12-21 11:31:21.694root 11241100x8000000000000000537434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224357aaadf82ff72021-12-21 11:31:21.694root 11241100x8000000000000000537435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7c3e4634f887722021-12-21 11:31:21.694root 11241100x8000000000000000537436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae32c95f6ece2ab82021-12-21 11:31:21.694root 11241100x8000000000000000537437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71815cf26de469f62021-12-21 11:31:21.694root 11241100x8000000000000000537438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeb26ead731ed682021-12-21 11:31:21.695root 354300x8000000000000000537468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:32.056{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48664-false10.0.1.12-8000- 11241100x8000000000000000537469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a61e42f78268e22021-12-21 11:31:32.442root 11241100x8000000000000000537470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99d3221caa84942021-12-21 11:31:32.942root 11241100x8000000000000000537471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d417204875da807d2021-12-21 11:31:33.442root 11241100x8000000000000000537472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcea5f770b561a92021-12-21 11:31:33.942root 11241100x8000000000000000537473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f7d76ef3dd13b12021-12-21 11:31:34.442root 11241100x8000000000000000537474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8affae2883841dd2021-12-21 11:31:34.942root 11241100x8000000000000000537475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35217ca2249d2a212021-12-21 11:31:35.442root 11241100x8000000000000000537476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac20ab1118f8b7f2021-12-21 11:31:35.942root 11241100x8000000000000000537477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:31:36.326root 11241100x8000000000000000537478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f836c621efc6d2021-12-21 11:31:36.327root 11241100x8000000000000000537479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4cb7a1962541412021-12-21 11:31:36.328root 11241100x8000000000000000537480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e44083c3965dc72021-12-21 11:31:36.692root 11241100x8000000000000000537481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e56b853bb35a4322021-12-21 11:31:36.693root 11241100x8000000000000000537482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7989b239e7f81e392021-12-21 11:31:37.192root 11241100x8000000000000000537483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cdf9c527e2fa612021-12-21 11:31:37.193root 11241100x8000000000000000537484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:37.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbbb92c42db422c2021-12-21 11:31:37.692root 11241100x8000000000000000537485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f9d9c06e313fa52021-12-21 11:31:37.693root 354300x8000000000000000537486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.035{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48666-false10.0.1.12-8000- 11241100x8000000000000000537487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b09d91064bedf522021-12-21 11:31:38.036root 11241100x8000000000000000537488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4782f115b440d5c82021-12-21 11:31:38.036root 11241100x8000000000000000537489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1211a29a1c265172021-12-21 11:31:38.442root 11241100x8000000000000000537490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1620aa7f0fc3072021-12-21 11:31:38.443root 11241100x8000000000000000537491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7fe42fd04b724c2021-12-21 11:31:38.443root 11241100x8000000000000000537492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf51a29f73043d72021-12-21 11:31:38.942root 11241100x8000000000000000537493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44abec501bddea112021-12-21 11:31:38.943root 11241100x8000000000000000537494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc42202fe8453b02021-12-21 11:31:38.943root 23542300x8000000000000000537495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000537496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c894b98986976e62021-12-21 11:31:39.329root 11241100x8000000000000000537497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf8e3bc7b4e69542021-12-21 11:31:39.330root 11241100x8000000000000000537498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70714d213be62b9c2021-12-21 11:31:39.330root 11241100x8000000000000000537499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c959396f0d99e6902021-12-21 11:31:39.692root 11241100x8000000000000000537500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a1afb2ed2b43f12021-12-21 11:31:39.693root 11241100x8000000000000000537501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a764cd564e685a2021-12-21 11:31:39.693root 11241100x8000000000000000537502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924a286c82e3f1d22021-12-21 11:31:39.693root 11241100x8000000000000000537503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dbb100a5eed96a2021-12-21 11:31:40.192root 11241100x8000000000000000537504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95131cbdd9113cce2021-12-21 11:31:40.193root 11241100x8000000000000000537505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d1be1beb73db232021-12-21 11:31:40.193root 11241100x8000000000000000537506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d8992ec32d9bee2021-12-21 11:31:40.193root 11241100x8000000000000000537507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a8dd83f5cf343b2021-12-21 11:31:40.692root 11241100x8000000000000000537508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f6319ad567008f2021-12-21 11:31:40.693root 11241100x8000000000000000537509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a81eb64cdbeb7f2021-12-21 11:31:40.693root 11241100x8000000000000000537510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ac8ebf7d51d5a52021-12-21 11:31:40.693root 11241100x8000000000000000537511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e008b900f661062021-12-21 11:31:41.193root 11241100x8000000000000000537512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9d279d8db42f1d2021-12-21 11:31:41.193root 11241100x8000000000000000537513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b71f1387a51d952021-12-21 11:31:41.193root 11241100x8000000000000000537514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973c3452856062002021-12-21 11:31:41.193root 11241100x8000000000000000537515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f02ad8a0a1e1cd02021-12-21 11:31:41.692root 11241100x8000000000000000537516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0153e4e859c21e72021-12-21 11:31:41.693root 11241100x8000000000000000537517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2f96d9afcdbe622021-12-21 11:31:41.693root 11241100x8000000000000000537518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ae2c0c9e37b5032021-12-21 11:31:41.693root 11241100x8000000000000000537519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa983cc28ae13c762021-12-21 11:31:42.192root 11241100x8000000000000000537520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f356865a4bce9ada2021-12-21 11:31:42.193root 11241100x8000000000000000537521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd5b2787ea28b802021-12-21 11:31:42.193root 11241100x8000000000000000537522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bbcefe5642a9382021-12-21 11:31:42.193root 11241100x8000000000000000537523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0cb4a243f21ad02021-12-21 11:31:42.693root 11241100x8000000000000000537524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787d7262429a86ea2021-12-21 11:31:42.693root 11241100x8000000000000000537525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978e2df856786aa62021-12-21 11:31:42.693root 11241100x8000000000000000537526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8c0ec1a267ec2e2021-12-21 11:31:42.694root 11241100x8000000000000000537527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bc0b599c739f152021-12-21 11:31:43.192root 11241100x8000000000000000537528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3d941048c2883a2021-12-21 11:31:43.193root 11241100x8000000000000000537529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d16357fb1d16df2021-12-21 11:31:43.193root 11241100x8000000000000000537530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ea58fcb24fe4e12021-12-21 11:31:43.193root 354300x8000000000000000537531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.252{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48668-false10.0.1.12-8000- 11241100x8000000000000000537532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27767ce84f065972021-12-21 11:31:43.693root 11241100x8000000000000000537533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f07f3e61d61c0a2021-12-21 11:31:43.693root 11241100x8000000000000000537534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b89738411308d2a2021-12-21 11:31:43.693root 11241100x8000000000000000537535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b23e7efd0387ff2021-12-21 11:31:43.694root 11241100x8000000000000000537536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd82ccff431eb6f2021-12-21 11:31:43.694root 11241100x8000000000000000537537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc993695f12dc022021-12-21 11:31:44.192root 11241100x8000000000000000537538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef025073b8a56ff2021-12-21 11:31:44.193root 11241100x8000000000000000537539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5d31cbb2e0f9b22021-12-21 11:31:44.193root 11241100x8000000000000000537540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b812ef3f836482c2021-12-21 11:31:44.193root 11241100x8000000000000000537541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ce554caeb7a8e62021-12-21 11:31:44.194root 11241100x8000000000000000537542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc6343703fdbfa12021-12-21 11:31:44.693root 11241100x8000000000000000537543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ad44d7170b000c2021-12-21 11:31:44.693root 11241100x8000000000000000537544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525be4d49e64d1f52021-12-21 11:31:44.693root 11241100x8000000000000000537545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0408e140abc3b72021-12-21 11:31:44.693root 11241100x8000000000000000537546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdce7e296da224f2021-12-21 11:31:44.693root 534500x8000000000000000537547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.894{00000000-0000-0000-0000-000000000000}9883<unknown process>ubuntu 534500x8000000000000000537548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.897{00000000-0000-0000-0000-000000000000}9884<unknown process>ubuntu 534500x8000000000000000537549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.899{00000000-0000-0000-0000-000000000000}9885<unknown process>ubuntu 11241100x8000000000000000537550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.899{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.FA1jYY2021-12-21 11:31:44.899ubuntu 23542300x8000000000000000537551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:44.899{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.FA1jYY--- 11241100x8000000000000000537552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6962ff4382d325762021-12-21 11:31:45.193root 11241100x8000000000000000537553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b57f128bb950202021-12-21 11:31:45.193root 11241100x8000000000000000537554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190509dc4382400f2021-12-21 11:31:45.193root 11241100x8000000000000000537555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5a0667b2b4988d2021-12-21 11:31:45.193root 11241100x8000000000000000537556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810247f9367063a32021-12-21 11:31:45.193root 11241100x8000000000000000537557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d7568e1c908cae2021-12-21 11:31:45.193root 11241100x8000000000000000537558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74ec0d52ddfc02a2021-12-21 11:31:45.193root 11241100x8000000000000000537559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b4d71ab0bace4a2021-12-21 11:31:45.193root 11241100x8000000000000000537560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb654ee4e064fc3c2021-12-21 11:31:45.194root 11241100x8000000000000000537561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ecdb9a408058932021-12-21 11:31:45.194root 11241100x8000000000000000537562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b43f68867972d2021-12-21 11:31:45.194root 11241100x8000000000000000537563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54fdd91a42669672021-12-21 11:31:45.194root 11241100x8000000000000000537564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64bf19a9771600c2021-12-21 11:31:45.194root 11241100x8000000000000000537565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319a339e57ea05462021-12-21 11:31:45.195root 154100x8000000000000000537566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.479{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudo-----sudo setcap cap_setuid=ep ./evil_bin/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000537567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1305178a5d3ef62021-12-21 11:31:45.482root 11241100x8000000000000000537568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46808692c8af1c062021-12-21 11:31:45.482root 11241100x8000000000000000537569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecdd0bf2cba3a652021-12-21 11:31:45.482root 11241100x8000000000000000537570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd5d359b6a188112021-12-21 11:31:45.482root 11241100x8000000000000000537571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c866c5f600671b2021-12-21 11:31:45.483root 11241100x8000000000000000537572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67055c82039cbc762021-12-21 11:31:45.483root 11241100x8000000000000000537573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465fb80ce584e79d2021-12-21 11:31:45.484root 11241100x8000000000000000537574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221a983fe9496b4d2021-12-21 11:31:45.484root 11241100x8000000000000000537575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a1ccc63d8a68a92021-12-21 11:31:45.484root 11241100x8000000000000000537576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bdb63ecdb8a0b62021-12-21 11:31:45.484root 11241100x8000000000000000537577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cdd567e249ef112021-12-21 11:31:45.484root 354300x8000000000000000537578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.485{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudoubuntuudptruefalse127.0.0.1-53189-false127.0.0.53-53- 354300x8000000000000000537579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.486{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-57495-false10.0.0.2-53- 354300x8000000000000000537580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.486{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-55401-false10.0.0.2-53- 354300x8000000000000000537581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.487{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53189- 354300x8000000000000000537582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.487{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-53189- 354300x8000000000000000537583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.498{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudoubuntuudptruefalse127.0.0.1-46353-false127.0.0.53-53- 354300x8000000000000000537584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.498{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-46353- 154100x8000000000000000537585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.504{ec2b6afe-bb21-61c1-8077-a5381b560000}9887/sbin/setcap-----setcap cap_setuid=ep ./evil_bin/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudosudoubuntu 534500x8000000000000000537586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.504{ec2b6afe-bb21-61c1-8077-a5381b560000}9887/sbin/setcaproot 534500x8000000000000000537587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.505{ec2b6afe-bb21-61c1-089e-285c01560000}9886/usr/bin/sudoroot 11241100x8000000000000000537588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05876c40a16b3ecd2021-12-21 11:31:45.943root 11241100x8000000000000000537589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e02788226f83f8a2021-12-21 11:31:45.943root 11241100x8000000000000000537590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a93559d8356c54d2021-12-21 11:31:45.943root 11241100x8000000000000000537591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b17ff8a385246332021-12-21 11:31:45.943root 11241100x8000000000000000537592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cb2a8debd13f0c2021-12-21 11:31:45.944root 11241100x8000000000000000537593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fdc3eadbad4dc72021-12-21 11:31:45.944root 11241100x8000000000000000537594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae44b247a01865962021-12-21 11:31:45.944root 11241100x8000000000000000537595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dd82d3630b5c062021-12-21 11:31:45.944root 11241100x8000000000000000537596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eec97bbf986a062021-12-21 11:31:45.944root 11241100x8000000000000000537597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce99cfbba855e8382021-12-21 11:31:45.944root 11241100x8000000000000000537598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0441666b79ba29b2021-12-21 11:31:45.944root 11241100x8000000000000000537599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78687984e247b3a62021-12-21 11:31:45.944root 11241100x8000000000000000537600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b8af45d419faf22021-12-21 11:31:45.944root 11241100x8000000000000000537601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87dc638ac33fb962021-12-21 11:31:45.944root 11241100x8000000000000000537602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382a9b5d43f61d842021-12-21 11:31:45.945root 11241100x8000000000000000537603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681592b82bb2b9a42021-12-21 11:31:45.945root 11241100x8000000000000000537604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c39066c0f273ac2021-12-21 11:31:45.945root 11241100x8000000000000000537605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0981cc6d28e5eaf52021-12-21 11:31:45.945root 11241100x8000000000000000537606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e18679ec2f465c2021-12-21 11:31:45.945root 11241100x8000000000000000537607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b611f62cffce8c792021-12-21 11:31:45.946root 11241100x8000000000000000537608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314424bcafad3fc22021-12-21 11:31:45.947root 11241100x8000000000000000537609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9227a7b2422872f2021-12-21 11:31:46.443root 11241100x8000000000000000537610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231a97a737477ce82021-12-21 11:31:46.443root 11241100x8000000000000000537611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb60c30bf55b1d2021-12-21 11:31:46.443root 11241100x8000000000000000537612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd589aebe00461f82021-12-21 11:31:46.444root 11241100x8000000000000000537613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5f8788a97b81c72021-12-21 11:31:46.444root 11241100x8000000000000000537614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d4a483fdefe292021-12-21 11:31:46.444root 11241100x8000000000000000537615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7560d1ee9cd9422021-12-21 11:31:46.444root 11241100x8000000000000000537616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e2a7f70a78901c2021-12-21 11:31:46.444root 11241100x8000000000000000537617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499c3cd7c0379c1f2021-12-21 11:31:46.444root 11241100x8000000000000000537618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a6b310aa925c7f2021-12-21 11:31:46.444root 11241100x8000000000000000537619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f29d553fed8d29e2021-12-21 11:31:46.444root 11241100x8000000000000000537620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d025d9859e85486a2021-12-21 11:31:46.444root 11241100x8000000000000000537621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e4aa8fcbf020482021-12-21 11:31:46.444root 11241100x8000000000000000537622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600af384977447b52021-12-21 11:31:46.444root 11241100x8000000000000000537623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121a3f44bf4aff12021-12-21 11:31:46.444root 11241100x8000000000000000537624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8345378057e8892021-12-21 11:31:46.444root 11241100x8000000000000000537625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cac0dd0fa2df872021-12-21 11:31:46.444root 11241100x8000000000000000537626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712bac189925a1e22021-12-21 11:31:46.444root 11241100x8000000000000000537627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292515b5bb5f1f42021-12-21 11:31:46.444root 11241100x8000000000000000537628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e650d4ad090be7ea2021-12-21 11:31:46.445root 11241100x8000000000000000537629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aebfeb46477fb72021-12-21 11:31:46.445root 11241100x8000000000000000537630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf477949081cb8f32021-12-21 11:31:46.943root 11241100x8000000000000000537631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f5f619073f62b42021-12-21 11:31:46.943root 11241100x8000000000000000537632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834bbd782a2dfdc82021-12-21 11:31:46.943root 11241100x8000000000000000537633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd1076241e4a262021-12-21 11:31:46.943root 11241100x8000000000000000537634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8992614162fa26a22021-12-21 11:31:46.944root 11241100x8000000000000000537635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e789ff9307bb96d2021-12-21 11:31:46.944root 11241100x8000000000000000537636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95c312102dfdf902021-12-21 11:31:46.944root 11241100x8000000000000000537637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdb383655fbb4a52021-12-21 11:31:46.944root 11241100x8000000000000000537638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d34778dc1ba7922021-12-21 11:31:46.944root 11241100x8000000000000000537639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df80954c9c8ef8e72021-12-21 11:31:46.944root 11241100x8000000000000000537640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aaa00aa6de5b362021-12-21 11:31:46.944root 11241100x8000000000000000537641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc9286a74b961bb2021-12-21 11:31:46.944root 11241100x8000000000000000537642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7be44e3a4727352021-12-21 11:31:46.944root 11241100x8000000000000000537643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98634b2c767c6f2021-12-21 11:31:46.944root 11241100x8000000000000000537644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fe4b265c3b612c2021-12-21 11:31:46.944root 11241100x8000000000000000537645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10e5ebd4daea09a2021-12-21 11:31:46.944root 11241100x8000000000000000537646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ab0a02367ecd7e2021-12-21 11:31:46.944root 11241100x8000000000000000537647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08759853cd60f0cd2021-12-21 11:31:46.944root 11241100x8000000000000000537648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abd755f9a07c1642021-12-21 11:31:46.944root 11241100x8000000000000000537649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2680afc2145a3c802021-12-21 11:31:46.944root 11241100x8000000000000000537650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103365c3a4e4f3182021-12-21 11:31:46.945root 11241100x8000000000000000537651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cbb5d25a0087a02021-12-21 11:31:47.443root 11241100x8000000000000000537652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d1a5d5047defe42021-12-21 11:31:47.443root 11241100x8000000000000000537653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196f2cd46dffcacc2021-12-21 11:31:47.444root 11241100x8000000000000000537654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9c5f62bcf8e3732021-12-21 11:31:47.444root 11241100x8000000000000000537655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fe991d7d49c01e2021-12-21 11:31:47.444root 11241100x8000000000000000537656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e87abac40e2ac912021-12-21 11:31:47.444root 11241100x8000000000000000537657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24392056777fc1e2021-12-21 11:31:47.444root 11241100x8000000000000000537658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e9c844f6306d182021-12-21 11:31:47.444root 11241100x8000000000000000537659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c81b096a6a2642021-12-21 11:31:47.444root 11241100x8000000000000000537660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48391b3af453b08c2021-12-21 11:31:47.444root 11241100x8000000000000000537661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716dd8211e70ab522021-12-21 11:31:47.444root 11241100x8000000000000000537662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc191a7923c9f93e2021-12-21 11:31:47.444root 11241100x8000000000000000537663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e795817ee80e1342021-12-21 11:31:47.444root 11241100x8000000000000000537664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9458857edc867162021-12-21 11:31:47.444root 11241100x8000000000000000537665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a7e82635ae9f9a2021-12-21 11:31:47.444root 11241100x8000000000000000537666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3566c330b1d1392021-12-21 11:31:47.444root 11241100x8000000000000000537667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612fa7861eeba7202021-12-21 11:31:47.444root 11241100x8000000000000000537668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8a558a05e0b5fd2021-12-21 11:31:47.444root 11241100x8000000000000000537669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c80dc6ef7f02372021-12-21 11:31:47.445root 11241100x8000000000000000537670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e04fcefb3183ee92021-12-21 11:31:47.445root 11241100x8000000000000000537671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137eaea8381312e42021-12-21 11:31:47.445root 11241100x8000000000000000537672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37de3ae8c0a92baf2021-12-21 11:31:47.943root 11241100x8000000000000000537673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c16bc7aa6dad4362021-12-21 11:31:47.943root 11241100x8000000000000000537674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9770b300f161a892021-12-21 11:31:47.943root 11241100x8000000000000000537675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2594ca6c19ea8c072021-12-21 11:31:47.943root 11241100x8000000000000000537676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f177a29c1d680ad22021-12-21 11:31:47.944root 11241100x8000000000000000537677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22064a0b105d5ba92021-12-21 11:31:47.944root 11241100x8000000000000000537678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0292b3d15418ddc2021-12-21 11:31:47.944root 11241100x8000000000000000537679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51ad0b8fa2d6ec92021-12-21 11:31:47.944root 11241100x8000000000000000537680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfee8e1b5ba3ba72021-12-21 11:31:47.944root 11241100x8000000000000000537681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbb29088f1e4b052021-12-21 11:31:47.944root 11241100x8000000000000000537682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c24df4819aef4af2021-12-21 11:31:47.944root 11241100x8000000000000000537683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e6ae764d7e06242021-12-21 11:31:47.944root 11241100x8000000000000000537684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3f2980c45ea2232021-12-21 11:31:47.944root 11241100x8000000000000000537685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5dba008a406e282021-12-21 11:31:47.944root 11241100x8000000000000000537686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3113acca875b0b2021-12-21 11:31:47.944root 11241100x8000000000000000537687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb921445bdfaa7b2021-12-21 11:31:47.944root 11241100x8000000000000000537688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ec01263ae6ca262021-12-21 11:31:47.944root 11241100x8000000000000000537689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b71bcc18c5a6c012021-12-21 11:31:47.944root 11241100x8000000000000000537690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab2344bef06e5222021-12-21 11:31:47.945root 11241100x8000000000000000537691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67281f0b3c4c3952021-12-21 11:31:47.945root 11241100x8000000000000000537692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c29f5b3e537f2342021-12-21 11:31:47.945root 11241100x8000000000000000537693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e35a1158b3e49062021-12-21 11:31:48.443root 11241100x8000000000000000537694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99466ae12d844cad2021-12-21 11:31:48.443root 11241100x8000000000000000537695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fa5b4dbeb96922021-12-21 11:31:48.444root 11241100x8000000000000000537696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90961a98960fdc92021-12-21 11:31:48.444root 11241100x8000000000000000537697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7a06bcfff2e3e72021-12-21 11:31:48.444root 11241100x8000000000000000537698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203c1207c39f18792021-12-21 11:31:48.444root 11241100x8000000000000000537699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6090a518abf0353a2021-12-21 11:31:48.444root 11241100x8000000000000000537700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f47e36fc51418f62021-12-21 11:31:48.444root 11241100x8000000000000000537701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028db07a1261f8b82021-12-21 11:31:48.444root 11241100x8000000000000000537702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c80bc1bda5fee7d2021-12-21 11:31:48.444root 11241100x8000000000000000537703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4ac139d91ce00b2021-12-21 11:31:48.444root 11241100x8000000000000000537704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2dce243aa0902d2021-12-21 11:31:48.444root 11241100x8000000000000000537705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aceb83f4939ee4ad2021-12-21 11:31:48.444root 11241100x8000000000000000537706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45b61859c06e9182021-12-21 11:31:48.444root 11241100x8000000000000000537707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff67018e7241fa3a2021-12-21 11:31:48.445root 11241100x8000000000000000537708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068461c5d685c9712021-12-21 11:31:48.445root 11241100x8000000000000000537709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7186ac87d5e3242021-12-21 11:31:48.445root 11241100x8000000000000000537710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d4378090eb26162021-12-21 11:31:48.445root 11241100x8000000000000000537711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2e7a056d4d610e2021-12-21 11:31:48.445root 11241100x8000000000000000537712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1897337b06f71c5f2021-12-21 11:31:48.445root 11241100x8000000000000000537713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cc0ef586d4a7332021-12-21 11:31:48.445root 11241100x8000000000000000537714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de18f7817c6d0db2021-12-21 11:31:48.943root 11241100x8000000000000000537715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0701c58649690c2021-12-21 11:31:48.943root 11241100x8000000000000000537716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4f006e8128c5a02021-12-21 11:31:48.943root 11241100x8000000000000000537717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9a762862dca9832021-12-21 11:31:48.943root 11241100x8000000000000000537718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911ca61ca09465842021-12-21 11:31:48.944root 11241100x8000000000000000537719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663068c9d18895b42021-12-21 11:31:48.944root 11241100x8000000000000000537720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f2d5f2f518b03c2021-12-21 11:31:48.944root 11241100x8000000000000000537721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb848c2a6792bf2d2021-12-21 11:31:48.944root 11241100x8000000000000000537722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d589e3fdfa0c01232021-12-21 11:31:48.944root 11241100x8000000000000000537723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59558a9eb8385fbe2021-12-21 11:31:48.944root 11241100x8000000000000000537724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c096638ed9e696202021-12-21 11:31:48.944root 11241100x8000000000000000537725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256f70c2a2ecb7992021-12-21 11:31:48.944root 11241100x8000000000000000537726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59c975fba602bd22021-12-21 11:31:48.944root 11241100x8000000000000000537727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c05d9711fa05f52021-12-21 11:31:48.944root 11241100x8000000000000000537728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d21f84f29d6cf22021-12-21 11:31:48.944root 11241100x8000000000000000537729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c91da1f98efe4942021-12-21 11:31:48.944root 11241100x8000000000000000537730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1461675ee3035172021-12-21 11:31:48.944root 11241100x8000000000000000537731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81f6ffd787b5c732021-12-21 11:31:48.944root 11241100x8000000000000000537732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3791734132fd9822021-12-21 11:31:48.944root 11241100x8000000000000000537733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9da02f89353cbf92021-12-21 11:31:48.945root 11241100x8000000000000000537734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3a9905c028f4132021-12-21 11:31:48.945root 354300x8000000000000000537735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.040{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48670-false10.0.1.12-8000- 11241100x8000000000000000537736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a82bf7ad12d0ed2021-12-21 11:31:49.443root 11241100x8000000000000000537737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2cc17982db51012021-12-21 11:31:49.443root 11241100x8000000000000000537738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3d60eab37730542021-12-21 11:31:49.443root 11241100x8000000000000000537739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8737071dde452c2021-12-21 11:31:49.443root 11241100x8000000000000000537740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1e0be3c34d2dfa2021-12-21 11:31:49.444root 11241100x8000000000000000537741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045745bd3d939fbc2021-12-21 11:31:49.444root 11241100x8000000000000000537742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7226f4869e557ad62021-12-21 11:31:49.444root 11241100x8000000000000000537743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916c97e9f3056a802021-12-21 11:31:49.444root 11241100x8000000000000000537744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738d0ae52fe94ca22021-12-21 11:31:49.444root 11241100x8000000000000000537745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2145e5b64de25db12021-12-21 11:31:49.444root 11241100x8000000000000000537746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e968c6f1c22e3baf2021-12-21 11:31:49.444root 11241100x8000000000000000537747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7ca188566944562021-12-21 11:31:49.444root 11241100x8000000000000000537748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f78ffbb2049156e2021-12-21 11:31:49.444root 11241100x8000000000000000537749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c9ad0b2fd677762021-12-21 11:31:49.444root 11241100x8000000000000000537750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b488cfeb8466a8c42021-12-21 11:31:49.445root 11241100x8000000000000000537751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3df9a22e42a14bf2021-12-21 11:31:49.445root 11241100x8000000000000000537752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c629d0e8110e422021-12-21 11:31:49.445root 11241100x8000000000000000537753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c600be18266cad2021-12-21 11:31:49.445root 11241100x8000000000000000537754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57366574e34635292021-12-21 11:31:49.445root 11241100x8000000000000000537755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74dd98bf6537b8c2021-12-21 11:31:49.445root 11241100x8000000000000000537756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7290c4c8bc7b09032021-12-21 11:31:49.445root 11241100x8000000000000000537757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0f17809e07665c2021-12-21 11:31:49.445root 11241100x8000000000000000537758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92dd090c77659042021-12-21 11:31:49.943root 11241100x8000000000000000537759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd191ec7f5de1a102021-12-21 11:31:49.943root 11241100x8000000000000000537760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64910becda7d4242021-12-21 11:31:49.943root 11241100x8000000000000000537761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e49abe3ecb1dea42021-12-21 11:31:49.943root 11241100x8000000000000000537762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e6fc4f54808ed2021-12-21 11:31:49.944root 11241100x8000000000000000537763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d21245f91899a2021-12-21 11:31:49.944root 11241100x8000000000000000537764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d1c6ea7bf21a22021-12-21 11:31:49.944root 11241100x8000000000000000537765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b665ea050a9e8c2021-12-21 11:31:49.944root 11241100x8000000000000000537766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268df93a0e464f8a2021-12-21 11:31:49.944root 11241100x8000000000000000537767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f579a0e7ee53b22021-12-21 11:31:49.944root 11241100x8000000000000000537768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3806a300f1ca8f012021-12-21 11:31:49.944root 11241100x8000000000000000537769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82616c5d06a40de42021-12-21 11:31:49.944root 11241100x8000000000000000537770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec45103c9d4863cf2021-12-21 11:31:49.944root 11241100x8000000000000000537771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37284d1eaddb56012021-12-21 11:31:49.944root 11241100x8000000000000000537772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fb40ffd39bcbe82021-12-21 11:31:49.944root 11241100x8000000000000000537773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f179ce0a70fef82021-12-21 11:31:49.944root 11241100x8000000000000000537774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4cb3b7bcb701052021-12-21 11:31:49.944root 11241100x8000000000000000537775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b02010686c9472021-12-21 11:31:49.944root 11241100x8000000000000000537776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd47785d80fb1d0c2021-12-21 11:31:49.945root 11241100x8000000000000000537777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5df510d568a3e4a2021-12-21 11:31:49.945root 11241100x8000000000000000537778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7922fb02001272021-12-21 11:31:49.945root 11241100x8000000000000000537779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b619c0cb0c39c7212021-12-21 11:31:49.945root 11241100x8000000000000000537780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac80cfcfc19c3472021-12-21 11:31:50.443root 11241100x8000000000000000537781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0e7d836d507e02021-12-21 11:31:50.443root 11241100x8000000000000000537782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5f1dfb52601b502021-12-21 11:31:50.444root 11241100x8000000000000000537783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d42e1cf4c44e0d42021-12-21 11:31:50.444root 11241100x8000000000000000537784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e938326e8412672021-12-21 11:31:50.444root 11241100x8000000000000000537785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6b1b320983615c2021-12-21 11:31:50.444root 11241100x8000000000000000537786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55a2b73ec9937422021-12-21 11:31:50.444root 11241100x8000000000000000537787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73e9d86d8e221482021-12-21 11:31:50.445root 11241100x8000000000000000537788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b024e6ad3b14d2992021-12-21 11:31:50.445root 11241100x8000000000000000537789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ef999f3d5e9dec2021-12-21 11:31:50.445root 11241100x8000000000000000537790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bee6ab6b91b00cd2021-12-21 11:31:50.445root 11241100x8000000000000000537791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b93bbcbf6a4d3f92021-12-21 11:31:50.445root 11241100x8000000000000000537792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2190b3615b20d2f62021-12-21 11:31:50.445root 11241100x8000000000000000537793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13777c1050286ff82021-12-21 11:31:50.445root 11241100x8000000000000000537794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14324f8d8a49a3d82021-12-21 11:31:50.445root 11241100x8000000000000000537795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968eddd1f2ab73602021-12-21 11:31:50.445root 11241100x8000000000000000537796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850e9343e16922bc2021-12-21 11:31:50.445root 11241100x8000000000000000537797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029bf4c8fb7e80552021-12-21 11:31:50.445root 11241100x8000000000000000537798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07feb0bd7ea50da22021-12-21 11:31:50.445root 11241100x8000000000000000537799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f823b2350189c2021-12-21 11:31:50.445root 11241100x8000000000000000537800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2c87ed1bf187e42021-12-21 11:31:50.445root 11241100x8000000000000000537801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaac1614a6a264d2021-12-21 11:31:50.445root 11241100x8000000000000000537802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7993efec6ed813502021-12-21 11:31:50.943root 11241100x8000000000000000537803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a8c59660cb41a32021-12-21 11:31:50.943root 11241100x8000000000000000537804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8d0d1fc8e6a6872021-12-21 11:31:50.943root 11241100x8000000000000000537805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e096310ce6c547e62021-12-21 11:31:50.944root 11241100x8000000000000000537806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef98dd6572f3bbe2021-12-21 11:31:50.944root 11241100x8000000000000000537807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c82d47bb99005f2021-12-21 11:31:50.944root 11241100x8000000000000000537808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8550fd7f8312cb2021-12-21 11:31:50.944root 11241100x8000000000000000537809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ddce1662f5f5232021-12-21 11:31:50.944root 11241100x8000000000000000537810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a5c435f1097f622021-12-21 11:31:50.944root 11241100x8000000000000000537811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491456897fed27c32021-12-21 11:31:50.944root 11241100x8000000000000000537812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39bcc58890370b62021-12-21 11:31:50.944root 11241100x8000000000000000537813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77829478b84096992021-12-21 11:31:50.944root 11241100x8000000000000000537814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d008bada012625bc2021-12-21 11:31:50.944root 11241100x8000000000000000537815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d537ac1a681e5f2021-12-21 11:31:50.944root 11241100x8000000000000000537816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e3b4599f74df8a2021-12-21 11:31:50.944root 11241100x8000000000000000537817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10adc84d41668eee2021-12-21 11:31:50.945root 11241100x8000000000000000537818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aaa3c710e3e4e92021-12-21 11:31:50.945root 11241100x8000000000000000537819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cb009e4e16d8ff2021-12-21 11:31:50.945root 11241100x8000000000000000537820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76ce66debe0fd312021-12-21 11:31:50.945root 11241100x8000000000000000537821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d3f96c37a4c77b2021-12-21 11:31:50.945root 11241100x8000000000000000537822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078399d3a2d65b152021-12-21 11:31:50.945root 11241100x8000000000000000537823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19731187b13971772021-12-21 11:31:50.945root 11241100x8000000000000000537824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995c100d9a95f9022021-12-21 11:31:51.443root 11241100x8000000000000000537825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75c04fdeabd79e12021-12-21 11:31:51.443root 11241100x8000000000000000537826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7666c425499dab72021-12-21 11:31:51.443root 11241100x8000000000000000537827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac93be068a5bccc2021-12-21 11:31:51.443root 11241100x8000000000000000537828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eb539c1d2492052021-12-21 11:31:51.444root 11241100x8000000000000000537829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6534c746e0a7a802021-12-21 11:31:51.444root 11241100x8000000000000000537830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebbda3e0c57b71c2021-12-21 11:31:51.444root 11241100x8000000000000000537831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135c19cfd890fbde2021-12-21 11:31:51.444root 11241100x8000000000000000537832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4c3c8a903edceb2021-12-21 11:31:51.444root 11241100x8000000000000000537833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e4e21696d99a952021-12-21 11:31:51.444root 11241100x8000000000000000537834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2274dff07e9ee6622021-12-21 11:31:51.444root 11241100x8000000000000000537835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0e8b2d93edc26d2021-12-21 11:31:51.444root 11241100x8000000000000000537836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99b2b28cabeb1e92021-12-21 11:31:51.444root 11241100x8000000000000000537837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce9f15f9eace482021-12-21 11:31:51.444root 11241100x8000000000000000537838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b9c7efffe313b62021-12-21 11:31:51.444root 11241100x8000000000000000537839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626a452785b162322021-12-21 11:31:51.444root 11241100x8000000000000000537840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0768668e91d46662021-12-21 11:31:51.444root 11241100x8000000000000000537841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb200ee7febe252021-12-21 11:31:51.444root 11241100x8000000000000000537842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f39b5a411a22462021-12-21 11:31:51.445root 11241100x8000000000000000537843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df47690f4b3013e12021-12-21 11:31:51.445root 11241100x8000000000000000537844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e356022383734632021-12-21 11:31:51.445root 11241100x8000000000000000537845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff2b537575dad622021-12-21 11:31:51.445root 11241100x8000000000000000537846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93904bc32044748c2021-12-21 11:31:51.943root 11241100x8000000000000000537847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27358cbddf0b37762021-12-21 11:31:51.943root 11241100x8000000000000000537848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92b4c56516fa4c32021-12-21 11:31:51.943root 11241100x8000000000000000537849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6e88e27bc9c3c52021-12-21 11:31:51.944root 11241100x8000000000000000537850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b24881b76092cb2021-12-21 11:31:51.944root 11241100x8000000000000000537851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695989331ef34a222021-12-21 11:31:51.944root 11241100x8000000000000000537852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab3fa286719b19f2021-12-21 11:31:51.944root 11241100x8000000000000000537853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd2d8e2aefc17c12021-12-21 11:31:51.944root 11241100x8000000000000000537854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8744753dede61e2021-12-21 11:31:51.944root 11241100x8000000000000000537855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857a4b4b80bb12d2021-12-21 11:31:51.944root 11241100x8000000000000000537856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf388bda484dd7b2021-12-21 11:31:51.944root 11241100x8000000000000000537857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a0ae8707d8b2c62021-12-21 11:31:51.944root 11241100x8000000000000000537858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cca1875abecad6d2021-12-21 11:31:51.944root 11241100x8000000000000000537859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134f06820d11bcd42021-12-21 11:31:51.944root 11241100x8000000000000000537860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273a1305a4d85dd42021-12-21 11:31:51.944root 11241100x8000000000000000537861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf0208f4d16c0a42021-12-21 11:31:51.944root 11241100x8000000000000000537862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31337a855ea3b38c2021-12-21 11:31:51.944root 11241100x8000000000000000537863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3360027e7d225f92021-12-21 11:31:51.944root 11241100x8000000000000000537864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b94c3567969f252021-12-21 11:31:51.945root 11241100x8000000000000000537865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45be1a311ad05fa2021-12-21 11:31:51.945root 11241100x8000000000000000537866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28123855ec31787f2021-12-21 11:31:51.945root 11241100x8000000000000000537867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cd791f43d616492021-12-21 11:31:51.945root 11241100x8000000000000000537868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dc6e0b3baa7ec12021-12-21 11:31:52.443root 11241100x8000000000000000537869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828333c0805a77362021-12-21 11:31:52.443root 11241100x8000000000000000537870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93324364526a82b2021-12-21 11:31:52.443root 11241100x8000000000000000537871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e60b9db2a2a5da52021-12-21 11:31:52.443root 11241100x8000000000000000537872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc113f886606c0732021-12-21 11:31:52.444root 11241100x8000000000000000537873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3fbcecaeaca37f2021-12-21 11:31:52.444root 11241100x8000000000000000537874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab232e747b3863b62021-12-21 11:31:52.444root 11241100x8000000000000000537875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c3f029faa04282021-12-21 11:31:52.444root 11241100x8000000000000000537876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230408ef5312b7312021-12-21 11:31:52.444root 11241100x8000000000000000537877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4111d33fee77528a2021-12-21 11:31:52.444root 11241100x8000000000000000537878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f2f35ea41d7af22021-12-21 11:31:52.444root 11241100x8000000000000000537879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254f34ddebb01fbc2021-12-21 11:31:52.444root 11241100x8000000000000000537880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04398aa5109982ec2021-12-21 11:31:52.444root 11241100x8000000000000000537881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023211b147fe2b952021-12-21 11:31:52.444root 11241100x8000000000000000537882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4259c9b05c204742021-12-21 11:31:52.444root 11241100x8000000000000000537883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fe1234a312c6862021-12-21 11:31:52.444root 11241100x8000000000000000537884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460619822be4e2c92021-12-21 11:31:52.444root 11241100x8000000000000000537885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6389a6d0d377ea582021-12-21 11:31:52.444root 11241100x8000000000000000537886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e421e757036e612021-12-21 11:31:52.445root 11241100x8000000000000000537887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464cd6281c3df8172021-12-21 11:31:52.445root 11241100x8000000000000000537888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e50be68b078db2021-12-21 11:31:52.445root 11241100x8000000000000000537889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52d094f380d156e2021-12-21 11:31:52.445root 11241100x8000000000000000537890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4849edc7bce9f5532021-12-21 11:31:52.943root 11241100x8000000000000000537891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f49f9cca3b01592021-12-21 11:31:52.943root 11241100x8000000000000000537892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d3d24dc15c2eee2021-12-21 11:31:52.944root 11241100x8000000000000000537893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8719d014b91061d2021-12-21 11:31:52.944root 11241100x8000000000000000537894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2982c76dc955522021-12-21 11:31:52.944root 11241100x8000000000000000537895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38002f21cf73cc332021-12-21 11:31:52.944root 11241100x8000000000000000537896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa15bbbd9cb22f242021-12-21 11:31:52.944root 11241100x8000000000000000537897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474ce9be46a617ba2021-12-21 11:31:52.944root 11241100x8000000000000000537898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab5da12713da5dd2021-12-21 11:31:52.944root 11241100x8000000000000000537899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7510218bf9b8a42021-12-21 11:31:52.945root 11241100x8000000000000000537900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0e316ffed1ebac2021-12-21 11:31:52.945root 11241100x8000000000000000537901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97b5dc702ad4da92021-12-21 11:31:52.945root 11241100x8000000000000000537902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70deb06a0aa4029c2021-12-21 11:31:52.945root 11241100x8000000000000000537903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56df96ee38fc57962021-12-21 11:31:52.945root 11241100x8000000000000000537904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3440f41817549c332021-12-21 11:31:52.945root 11241100x8000000000000000537905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d365e0b14cac3f22021-12-21 11:31:52.945root 11241100x8000000000000000537906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1423ca528f53cc4c2021-12-21 11:31:52.946root 11241100x8000000000000000537907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ab781d628d0a9d2021-12-21 11:31:52.947root 11241100x8000000000000000537908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc502481f388b4a2021-12-21 11:31:52.947root 11241100x8000000000000000537909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0ffdcbefacb3472021-12-21 11:31:52.948root 11241100x8000000000000000537910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a28a8386bae772021-12-21 11:31:52.948root 11241100x8000000000000000537911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcb842699694fd72021-12-21 11:31:52.948root 11241100x8000000000000000537912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c66ea42e8a8c6f2021-12-21 11:31:52.948root 11241100x8000000000000000537913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37287503c1414ad2021-12-21 11:31:52.949root 11241100x8000000000000000537914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818902513e617d082021-12-21 11:31:53.443root 11241100x8000000000000000537915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936ca87ab14ca7a2021-12-21 11:31:53.444root 11241100x8000000000000000537916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204ebf635ff1281f2021-12-21 11:31:53.444root 11241100x8000000000000000537917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93949844fb7ee52b2021-12-21 11:31:53.444root 11241100x8000000000000000537918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab228244589e8af2021-12-21 11:31:53.444root 11241100x8000000000000000537919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc3bc7d08fa0df12021-12-21 11:31:53.444root 11241100x8000000000000000537920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a2e38508997d6e2021-12-21 11:31:53.445root 11241100x8000000000000000537921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80ed0492ce34652021-12-21 11:31:53.445root 11241100x8000000000000000537922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535ec4a8bf0db1eb2021-12-21 11:31:53.445root 11241100x8000000000000000537923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c65c682d0ffb2e2021-12-21 11:31:53.445root 11241100x8000000000000000537924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2d6376215b7ad12021-12-21 11:31:53.445root 11241100x8000000000000000537925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3191d222893de22021-12-21 11:31:53.445root 11241100x8000000000000000537926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f8b91ee443b3452021-12-21 11:31:53.445root 11241100x8000000000000000537927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e131a8d2a4977a2021-12-21 11:31:53.445root 11241100x8000000000000000537928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec659e425ffb33f62021-12-21 11:31:53.445root 11241100x8000000000000000537929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd69269ebe3f9f452021-12-21 11:31:53.445root 11241100x8000000000000000537930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4c007165c582a2021-12-21 11:31:53.445root 11241100x8000000000000000537931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a38cc3a0cd128ae2021-12-21 11:31:53.445root 11241100x8000000000000000537932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2097e6310db38b32021-12-21 11:31:53.445root 11241100x8000000000000000537933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aed369972c3edac2021-12-21 11:31:53.446root 11241100x8000000000000000537934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc42582712ff2002021-12-21 11:31:53.446root 11241100x8000000000000000537935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d28da1667152602021-12-21 11:31:53.446root 11241100x8000000000000000537936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2faec8fc6ca4fd6d2021-12-21 11:31:53.446root 11241100x8000000000000000537937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe70c2cd282a6322021-12-21 11:31:53.446root 11241100x8000000000000000537938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed27d97ff8514f2f2021-12-21 11:31:53.943root 11241100x8000000000000000537939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e673d03b559c9c22021-12-21 11:31:53.943root 11241100x8000000000000000537940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653f93d28e98654d2021-12-21 11:31:53.943root 11241100x8000000000000000537941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1048ec8b045d06c2021-12-21 11:31:53.943root 11241100x8000000000000000537942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9159e0ae55f714b02021-12-21 11:31:53.943root 11241100x8000000000000000537943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22757ed03402a2d72021-12-21 11:31:53.943root 11241100x8000000000000000537944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561f71f7378f0f972021-12-21 11:31:53.943root 11241100x8000000000000000537945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007205dfce9a4f4d2021-12-21 11:31:53.943root 11241100x8000000000000000537946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbcb5201237016f2021-12-21 11:31:53.943root 11241100x8000000000000000537947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa138617b0f41c62021-12-21 11:31:53.943root 11241100x8000000000000000537948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962c8d2103f146a32021-12-21 11:31:53.943root 11241100x8000000000000000537949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4429558f6141992f2021-12-21 11:31:53.944root 11241100x8000000000000000537950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8802473bf9ee853e2021-12-21 11:31:53.944root 11241100x8000000000000000537951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15386f3ba44cb402021-12-21 11:31:53.944root 11241100x8000000000000000537952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad15cddd7ceb83c2021-12-21 11:31:53.944root 11241100x8000000000000000537953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f7572c714f5ed22021-12-21 11:31:53.944root 11241100x8000000000000000537954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25949c11bde970df2021-12-21 11:31:53.944root 11241100x8000000000000000537955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f56786dec937342021-12-21 11:31:53.944root 11241100x8000000000000000537956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34047b7f7258ed92021-12-21 11:31:53.944root 11241100x8000000000000000537957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6652cb6465bcea62021-12-21 11:31:53.944root 11241100x8000000000000000537958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9289a39bb6978a42021-12-21 11:31:53.944root 11241100x8000000000000000537959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a045752819d1a8b22021-12-21 11:31:53.944root 354300x8000000000000000537960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48672-false10.0.1.12-8000- 11241100x8000000000000000537961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7e12dcea86c3542021-12-21 11:31:54.443root 11241100x8000000000000000537962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6814b6d7d1eab92021-12-21 11:31:54.443root 11241100x8000000000000000537963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d8d6b11cb5b2162021-12-21 11:31:54.444root 11241100x8000000000000000537964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbb8ed33548d3ac2021-12-21 11:31:54.444root 11241100x8000000000000000537965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a248354c533439842021-12-21 11:31:54.444root 11241100x8000000000000000537966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df2540e4feff0622021-12-21 11:31:54.444root 11241100x8000000000000000537967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b4b32eab812b4f2021-12-21 11:31:54.444root 11241100x8000000000000000537968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aba832b6b652ff62021-12-21 11:31:54.445root 11241100x8000000000000000537969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1523eecb8d5c3522021-12-21 11:31:54.445root 11241100x8000000000000000537970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8830bf16eb3e8f762021-12-21 11:31:54.445root 11241100x8000000000000000537971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1acad829bbb81962021-12-21 11:31:54.445root 11241100x8000000000000000537972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252eefdb16cd62682021-12-21 11:31:54.445root 11241100x8000000000000000537973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1982b2aecb7bf862021-12-21 11:31:54.445root 11241100x8000000000000000537974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373a2bc5dab1cd812021-12-21 11:31:54.445root 11241100x8000000000000000537975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be491818a7b000a2021-12-21 11:31:54.446root 11241100x8000000000000000537976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72917cd751d788b82021-12-21 11:31:54.446root 11241100x8000000000000000537977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51e000607c0d9eb2021-12-21 11:31:54.446root 11241100x8000000000000000537978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea089ff87176dbe2021-12-21 11:31:54.446root 11241100x8000000000000000537979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531d967ae753c23c2021-12-21 11:31:54.446root 11241100x8000000000000000537980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678e6a7160b8109b2021-12-21 11:31:54.446root 11241100x8000000000000000537981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcdf3a8ae75449b2021-12-21 11:31:54.446root 11241100x8000000000000000537982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bed563a58368cc52021-12-21 11:31:54.447root 11241100x8000000000000000537983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e20f394b3c3f9b12021-12-21 11:31:54.447root 11241100x8000000000000000537984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d62f45e4da4e572021-12-21 11:31:54.447root 11241100x8000000000000000537985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c985915db2f5f902021-12-21 11:31:54.447root 11241100x8000000000000000537986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5144c7b8c57dffa72021-12-21 11:31:54.943root 11241100x8000000000000000537987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d31607a650c77192021-12-21 11:31:54.943root 11241100x8000000000000000537988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cccaa1ae9986f982021-12-21 11:31:54.943root 11241100x8000000000000000537989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60031f5c89c5a242021-12-21 11:31:54.944root 11241100x8000000000000000537990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae1e03581c11b42021-12-21 11:31:54.944root 11241100x8000000000000000537991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6776e24c092b894c2021-12-21 11:31:54.944root 11241100x8000000000000000537992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd4934a4f3277a32021-12-21 11:31:54.944root 11241100x8000000000000000537993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e575b167cb6f002021-12-21 11:31:54.944root 11241100x8000000000000000537994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797092f66dad5ed72021-12-21 11:31:54.944root 11241100x8000000000000000537995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d59c38cd0668b2021-12-21 11:31:54.944root 11241100x8000000000000000537996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21d0f92985435362021-12-21 11:31:54.944root 11241100x8000000000000000537997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f919e21b0f7202021-12-21 11:31:54.944root 11241100x8000000000000000537998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cbfeb17f1e19782021-12-21 11:31:54.944root 11241100x8000000000000000537999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78b62d8debcc7952021-12-21 11:31:54.945root 11241100x8000000000000000538000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2028042946610f442021-12-21 11:31:54.945root 11241100x8000000000000000538001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ec2b124d9ddba2021-12-21 11:31:54.945root 11241100x8000000000000000538002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfb202094a89ddf2021-12-21 11:31:54.945root 11241100x8000000000000000538003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a74aac6a289bab2021-12-21 11:31:54.945root 11241100x8000000000000000538004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be55223d04e48892021-12-21 11:31:54.945root 11241100x8000000000000000538005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edab4d0c4be926232021-12-21 11:31:54.945root 11241100x8000000000000000538006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d412f53806f4d6c2021-12-21 11:31:54.945root 11241100x8000000000000000538007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dabf4c6e940cacb2021-12-21 11:31:54.945root 11241100x8000000000000000538008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663f2c548bea5e112021-12-21 11:31:54.945root 11241100x8000000000000000538009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4a1bceef3777572021-12-21 11:31:55.443root 11241100x8000000000000000538010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01433d5ab53cd7d02021-12-21 11:31:55.443root 11241100x8000000000000000538011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef3d927a300d8df2021-12-21 11:31:55.443root 11241100x8000000000000000538012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0911f4b153a1ad02021-12-21 11:31:55.443root 11241100x8000000000000000538013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fa3d3d65314b462021-12-21 11:31:55.444root 11241100x8000000000000000538014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fc146a9abab84e2021-12-21 11:31:55.444root 11241100x8000000000000000538015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82b219c82c526b32021-12-21 11:31:55.444root 11241100x8000000000000000538016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6965f534a892262021-12-21 11:31:55.444root 11241100x8000000000000000538017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d586de24d73694492021-12-21 11:31:55.444root 11241100x8000000000000000538018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d097f137f016ed7a2021-12-21 11:31:55.444root 11241100x8000000000000000538019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687877f7de51c03f2021-12-21 11:31:55.444root 11241100x8000000000000000538020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8c265cc7538fa12021-12-21 11:31:55.445root 11241100x8000000000000000538021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59eb116dab559f02021-12-21 11:31:55.445root 11241100x8000000000000000538022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802606d584b6be52021-12-21 11:31:55.445root 11241100x8000000000000000538023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874205590023036b2021-12-21 11:31:55.445root 11241100x8000000000000000538024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b050425ca936e92021-12-21 11:31:55.445root 11241100x8000000000000000538025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3295a01f811f67ea2021-12-21 11:31:55.445root 11241100x8000000000000000538026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbceab0a80126ca02021-12-21 11:31:55.445root 11241100x8000000000000000538027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e66159a22bb7432021-12-21 11:31:55.446root 11241100x8000000000000000538028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0715b95d79b75cd02021-12-21 11:31:55.446root 11241100x8000000000000000538029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4835c9a18f4e55b62021-12-21 11:31:55.446root 11241100x8000000000000000538030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78f93fff7a97ee22021-12-21 11:31:55.446root 11241100x8000000000000000538031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88b283fec34e7a2021-12-21 11:31:55.446root 11241100x8000000000000000538032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429f3f461ae518912021-12-21 11:31:55.446root 11241100x8000000000000000538033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825824b8ca0154e32021-12-21 11:31:55.447root 11241100x8000000000000000538034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ec7aab7a663d8a2021-12-21 11:31:55.943root 11241100x8000000000000000538035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a106bf5e5f6901f32021-12-21 11:31:55.943root 11241100x8000000000000000538036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef5b14334efb8302021-12-21 11:31:55.943root 11241100x8000000000000000538037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44d90bf113f543e2021-12-21 11:31:55.943root 11241100x8000000000000000538038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fa2e994c8347c32021-12-21 11:31:55.943root 11241100x8000000000000000538039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0c75764a874aa62021-12-21 11:31:55.944root 11241100x8000000000000000538040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27ce45b993ba1f42021-12-21 11:31:55.944root 11241100x8000000000000000538041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c452a9e46e686ad82021-12-21 11:31:55.944root 11241100x8000000000000000538042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29271f9c3f56feed2021-12-21 11:31:55.944root 11241100x8000000000000000538043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad71468adbd64142021-12-21 11:31:55.944root 11241100x8000000000000000538044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0b0271a7a7beff2021-12-21 11:31:55.944root 11241100x8000000000000000538045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb560ec54b501e52021-12-21 11:31:55.944root 11241100x8000000000000000538046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438e96047d220f842021-12-21 11:31:55.944root 11241100x8000000000000000538047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b27187bebf71e582021-12-21 11:31:55.944root 11241100x8000000000000000538048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba5ac449b9d54fd2021-12-21 11:31:55.944root 11241100x8000000000000000538049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc449da67cf214082021-12-21 11:31:55.944root 11241100x8000000000000000538050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4664a558ab564152021-12-21 11:31:55.944root 11241100x8000000000000000538051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ef5eed1073b5692021-12-21 11:31:55.945root 11241100x8000000000000000538052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ceae8c7ac940b42021-12-21 11:31:55.945root 11241100x8000000000000000538053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28845d5aa2146c42021-12-21 11:31:55.945root 11241100x8000000000000000538054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93b63ea0c6f6f502021-12-21 11:31:55.945root 11241100x8000000000000000538055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa41ef4193dd16d2021-12-21 11:31:55.945root 11241100x8000000000000000538056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1168c224fd3b009b2021-12-21 11:31:55.945root 11241100x8000000000000000538057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a196bf4835f7b8c2021-12-21 11:31:55.945root 11241100x8000000000000000538058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8175f5d48783e402021-12-21 11:31:56.443root 11241100x8000000000000000538059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25426fe3fa0de1c2021-12-21 11:31:56.443root 11241100x8000000000000000538060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50def029b4649862021-12-21 11:31:56.443root 11241100x8000000000000000538061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862ac5ac3678f01c2021-12-21 11:31:56.443root 11241100x8000000000000000538062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c28898123d21842021-12-21 11:31:56.444root 11241100x8000000000000000538063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b696fe78c13d5a52021-12-21 11:31:56.444root 11241100x8000000000000000538064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf6827f07f6c0b22021-12-21 11:31:56.444root 11241100x8000000000000000538065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1faeb14a540aae82021-12-21 11:31:56.444root 11241100x8000000000000000538066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c3d85ed6b607cd2021-12-21 11:31:56.444root 11241100x8000000000000000538067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba903b445ff245a72021-12-21 11:31:56.444root 11241100x8000000000000000538068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2506172e0101ef2021-12-21 11:31:56.444root 11241100x8000000000000000538069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a399db65c1aa5e2021-12-21 11:31:56.445root 11241100x8000000000000000538070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aca6fa6c0d433b2021-12-21 11:31:56.445root 11241100x8000000000000000538071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e02ae0ea5e42f2021-12-21 11:31:56.445root 11241100x8000000000000000538072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd7b20440c5a4bc2021-12-21 11:31:56.445root 11241100x8000000000000000538073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8cf86be742e5092021-12-21 11:31:56.446root 11241100x8000000000000000538074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76771caf364fb312021-12-21 11:31:56.446root 11241100x8000000000000000538075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d88d8f3ca89d8812021-12-21 11:31:56.446root 11241100x8000000000000000538076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64f27e0b580f4022021-12-21 11:31:56.446root 11241100x8000000000000000538077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f42f31702fcd99e2021-12-21 11:31:56.446root 11241100x8000000000000000538078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da758afd56233da62021-12-21 11:31:56.447root 11241100x8000000000000000538079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbecee5af2c9efe52021-12-21 11:31:56.447root 11241100x8000000000000000538080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb019f2ac33ec3892021-12-21 11:31:56.447root 11241100x8000000000000000538081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1697d02d8db36122021-12-21 11:31:56.447root 11241100x8000000000000000538082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43907da7c52f39a32021-12-21 11:31:56.447root 11241100x8000000000000000538083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92806248ef4188502021-12-21 11:31:56.943root 11241100x8000000000000000538084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad6bd302724fc072021-12-21 11:31:56.943root 11241100x8000000000000000538085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3309ec8671cfbbbf2021-12-21 11:31:56.943root 11241100x8000000000000000538086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fd1b6c63add8fc2021-12-21 11:31:56.943root 11241100x8000000000000000538087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7087d6aa5ee7332021-12-21 11:31:56.943root 11241100x8000000000000000538088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82343da521250b92021-12-21 11:31:56.943root 11241100x8000000000000000538089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bd88608a2397732021-12-21 11:31:56.943root 11241100x8000000000000000538090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8911ec9fe723db2021-12-21 11:31:56.944root 11241100x8000000000000000538091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e434b7a18353cdd2021-12-21 11:31:56.944root 11241100x8000000000000000538092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12024246c7198302021-12-21 11:31:56.944root 11241100x8000000000000000538093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf5fdb80265adf82021-12-21 11:31:56.944root 11241100x8000000000000000538094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0ef66f3bbddc8d2021-12-21 11:31:56.944root 11241100x8000000000000000538095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1f6806bf9de7282021-12-21 11:31:56.944root 11241100x8000000000000000538096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6124002e3fd9ae602021-12-21 11:31:56.944root 11241100x8000000000000000538097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7397b77451d4dd6d2021-12-21 11:31:56.944root 11241100x8000000000000000538098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eccd17e06e71cde2021-12-21 11:31:56.944root 11241100x8000000000000000538099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e685f0794e4ef592021-12-21 11:31:56.944root 11241100x8000000000000000538100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65999a643d78dcd42021-12-21 11:31:56.944root 11241100x8000000000000000538101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e184341dd5753b32021-12-21 11:31:56.944root 11241100x8000000000000000538102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b43a1355486e3f32021-12-21 11:31:56.945root 11241100x8000000000000000538103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf3a8d8a055bc6a2021-12-21 11:31:56.945root 11241100x8000000000000000538104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3970ec3a3de554152021-12-21 11:31:56.945root 11241100x8000000000000000538105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba04489e9787ba12021-12-21 11:31:56.945root 11241100x8000000000000000538106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5319d39c4889677d2021-12-21 11:31:57.443root 11241100x8000000000000000538107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63bed9e25b5c0112021-12-21 11:31:57.443root 11241100x8000000000000000538108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a87cad62cf3d7c2021-12-21 11:31:57.444root 11241100x8000000000000000538109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5fd6120701c1a32021-12-21 11:31:57.444root 11241100x8000000000000000538110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d052b0b03dd6932021-12-21 11:31:57.444root 11241100x8000000000000000538111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8081750ce3898f2021-12-21 11:31:57.444root 11241100x8000000000000000538112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9c01516b287d5f2021-12-21 11:31:57.444root 11241100x8000000000000000538113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4883de26457192522021-12-21 11:31:57.444root 11241100x8000000000000000538114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e43423c5466da62021-12-21 11:31:57.445root 11241100x8000000000000000538115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52094fbf487d6c262021-12-21 11:31:57.445root 11241100x8000000000000000538116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e6ba5a2946120f2021-12-21 11:31:57.445root 11241100x8000000000000000538117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c054d8be914a986f2021-12-21 11:31:57.445root 11241100x8000000000000000538118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a1924db5101aed2021-12-21 11:31:57.445root 11241100x8000000000000000538119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d57168a3e297f22021-12-21 11:31:57.445root 11241100x8000000000000000538120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462d9b0e733bff392021-12-21 11:31:57.445root 11241100x8000000000000000538121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8c519e79f62da22021-12-21 11:31:57.445root 11241100x8000000000000000538122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f8295203e8d9832021-12-21 11:31:57.445root 11241100x8000000000000000538123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9042c291b629a5f2021-12-21 11:31:57.445root 11241100x8000000000000000538124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c65a66c71e5de2021-12-21 11:31:57.446root 11241100x8000000000000000538125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eb40a05bdf94e12021-12-21 11:31:57.446root 11241100x8000000000000000538126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d1e473b178888c2021-12-21 11:31:57.446root 11241100x8000000000000000538127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7146ebdd9aacbc2021-12-21 11:31:57.446root 11241100x8000000000000000538128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573b67255f17454d2021-12-21 11:31:57.446root 11241100x8000000000000000538129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7acbd95c6d2ee02021-12-21 11:31:57.942root 11241100x8000000000000000538130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2b5a456c553c0f2021-12-21 11:31:57.943root 11241100x8000000000000000538131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6c6b281b0592542021-12-21 11:31:57.943root 11241100x8000000000000000538132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41eef2347d001cfa2021-12-21 11:31:57.943root 11241100x8000000000000000538133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d989ccd665c989422021-12-21 11:31:57.943root 11241100x8000000000000000538134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5724f10fc0f13992021-12-21 11:31:57.943root 11241100x8000000000000000538135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c289f09f4070efe02021-12-21 11:31:57.944root 11241100x8000000000000000538136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf3d588f93a1ff62021-12-21 11:31:57.944root 11241100x8000000000000000538137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e183e2728b12102021-12-21 11:31:57.944root 11241100x8000000000000000538138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0ea04f8f672ec02021-12-21 11:31:57.944root 11241100x8000000000000000538139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80332dfcbe85aff2021-12-21 11:31:57.944root 11241100x8000000000000000538140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a9929ac408eb9f2021-12-21 11:31:57.945root 11241100x8000000000000000538141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3908eab3287b3a2021-12-21 11:31:57.945root 11241100x8000000000000000538142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0570a4dab421f7412021-12-21 11:31:57.945root 11241100x8000000000000000538143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ef1b831db101b2021-12-21 11:31:57.945root 11241100x8000000000000000538144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec6a539eab3fdac2021-12-21 11:31:57.945root 11241100x8000000000000000538145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e72e051b4a68c72021-12-21 11:31:57.945root 11241100x8000000000000000538146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4035e5c514feb3a2021-12-21 11:31:57.945root 11241100x8000000000000000538147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b3f1c156c712862021-12-21 11:31:57.945root 11241100x8000000000000000538148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2b9a7ab4a1d6772021-12-21 11:31:57.945root 11241100x8000000000000000538149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b584edcf0fbe7c2021-12-21 11:31:57.945root 11241100x8000000000000000538150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5810edc6bbeb7342021-12-21 11:31:57.945root 11241100x8000000000000000538151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046725e8989ac0fe2021-12-21 11:31:57.945root 11241100x8000000000000000538152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b281014b8ab7642021-12-21 11:31:57.945root 11241100x8000000000000000538153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b83ea8d3ddc00e2021-12-21 11:31:57.945root 11241100x8000000000000000538154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad8dde795bf908c2021-12-21 11:31:57.946root 11241100x8000000000000000538155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173e12ecd200729c2021-12-21 11:31:57.946root 11241100x8000000000000000538156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ade41f55f671b12021-12-21 11:31:57.946root 11241100x8000000000000000538157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7149fecb00bf4a1f2021-12-21 11:31:57.946root 11241100x8000000000000000538158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845d03e2384385a92021-12-21 11:31:58.443root 11241100x8000000000000000538159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ed095ade9991d2021-12-21 11:31:58.443root 11241100x8000000000000000538160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726c48dda65cf0792021-12-21 11:31:58.443root 11241100x8000000000000000538161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da0c2027c1ab8a62021-12-21 11:31:58.443root 11241100x8000000000000000538162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df12be01517c9efe2021-12-21 11:31:58.444root 11241100x8000000000000000538163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59184db0eb8fca402021-12-21 11:31:58.444root 11241100x8000000000000000538164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014035157d0677782021-12-21 11:31:58.444root 11241100x8000000000000000538165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa0af9861ebd9132021-12-21 11:31:58.444root 11241100x8000000000000000538166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d77bfa8be1ceecf2021-12-21 11:31:58.444root 11241100x8000000000000000538167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff99aca686d3554a2021-12-21 11:31:58.444root 11241100x8000000000000000538168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fd55f272c8339f2021-12-21 11:31:58.444root 11241100x8000000000000000538169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931e69bceb639352021-12-21 11:31:58.445root 11241100x8000000000000000538170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6845a680bd327992021-12-21 11:31:58.445root 11241100x8000000000000000538171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcb6c420098b6ee2021-12-21 11:31:58.445root 11241100x8000000000000000538172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4392023add9751aa2021-12-21 11:31:58.445root 11241100x8000000000000000538173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d7cb96cb37fa72021-12-21 11:31:58.445root 11241100x8000000000000000538174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceae1b38d8edea692021-12-21 11:31:58.445root 11241100x8000000000000000538175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ea843e4e13e3842021-12-21 11:31:58.445root 11241100x8000000000000000538176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193eea12510c0ba42021-12-21 11:31:58.445root 11241100x8000000000000000538177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545c346ca706d45f2021-12-21 11:31:58.445root 11241100x8000000000000000538178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d71e46c20f2872021-12-21 11:31:58.445root 11241100x8000000000000000538179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b35d75ddf1a00c12021-12-21 11:31:58.445root 11241100x8000000000000000538180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ab545996f07762021-12-21 11:31:58.446root 11241100x8000000000000000538181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9f97ac3b80aeab2021-12-21 11:31:58.446root 11241100x8000000000000000538182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbc5c5660dc6eba2021-12-21 11:31:58.446root 11241100x8000000000000000538183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcde1c504a91d4c32021-12-21 11:31:58.446root 11241100x8000000000000000538184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f4e21471cf40ad2021-12-21 11:31:58.446root 11241100x8000000000000000538185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bf562e1ba086b52021-12-21 11:31:58.446root 11241100x8000000000000000538186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce0252510ed542d2021-12-21 11:31:58.447root 11241100x8000000000000000538187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec7de4115bd3ad42021-12-21 11:31:58.447root 11241100x8000000000000000538188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485f15e2c893453d2021-12-21 11:31:58.447root 11241100x8000000000000000538189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3320ebbcdf9a3142021-12-21 11:31:58.447root 11241100x8000000000000000538190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83164cc677ccca372021-12-21 11:31:58.447root 11241100x8000000000000000538191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e230f9e856e31c402021-12-21 11:31:58.447root 11241100x8000000000000000538192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e51096ea60bd202021-12-21 11:31:58.447root 11241100x8000000000000000538193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a08d621fbe9da92021-12-21 11:31:58.448root 11241100x8000000000000000538194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f602d0861739ef2021-12-21 11:31:58.448root 11241100x8000000000000000538195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad55e62cbcd98f2021-12-21 11:31:58.448root 11241100x8000000000000000538196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b310a588f933cdf72021-12-21 11:31:58.448root 11241100x8000000000000000538197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee836d144cb3bb12021-12-21 11:31:58.448root 11241100x8000000000000000538198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f3f3d7ca2c3cac2021-12-21 11:31:58.448root 11241100x8000000000000000538199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bbe56fd3f812e32021-12-21 11:31:58.448root 11241100x8000000000000000538200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7af95dab925aae2021-12-21 11:31:58.943root 11241100x8000000000000000538201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15846b027643d48b2021-12-21 11:31:58.943root 11241100x8000000000000000538202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b70d719649d33002021-12-21 11:31:58.943root 11241100x8000000000000000538203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fa1ef92b8fc3072021-12-21 11:31:58.944root 11241100x8000000000000000538204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c25b63c5235ac012021-12-21 11:31:58.944root 11241100x8000000000000000538205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21113fcb17a6362d2021-12-21 11:31:58.944root 11241100x8000000000000000538206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0059228ac4bc74712021-12-21 11:31:58.944root 11241100x8000000000000000538207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df021960b721b7e52021-12-21 11:31:58.944root 11241100x8000000000000000538208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7222a956e90fc30b2021-12-21 11:31:58.944root 11241100x8000000000000000538209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80306a1d51781d9c2021-12-21 11:31:58.945root 11241100x8000000000000000538210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186d6872bf0eb6f82021-12-21 11:31:58.945root 11241100x8000000000000000538211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cff39ed67f6b84c2021-12-21 11:31:58.945root 11241100x8000000000000000538212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffddbee0b3ecbf342021-12-21 11:31:58.945root 11241100x8000000000000000538213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8f00c6936ef8f72021-12-21 11:31:58.945root 11241100x8000000000000000538214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead55c52284d19722021-12-21 11:31:58.946root 11241100x8000000000000000538215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7faf2a5d9a4b082021-12-21 11:31:58.946root 11241100x8000000000000000538216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e714f267fc09942021-12-21 11:31:58.946root 11241100x8000000000000000538217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3771828bba399bb22021-12-21 11:31:58.946root 11241100x8000000000000000538218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd964094666cb8d2021-12-21 11:31:58.946root 11241100x8000000000000000538219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab381bb91228ff6f2021-12-21 11:31:58.946root 11241100x8000000000000000538220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bfe05840da35f92021-12-21 11:31:58.946root 11241100x8000000000000000538221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2406efa87febc6e12021-12-21 11:31:58.947root 11241100x8000000000000000538222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e1ddf7b1425f422021-12-21 11:31:58.947root 11241100x8000000000000000538223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24989b2058a96d5a2021-12-21 11:31:58.947root 11241100x8000000000000000538224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03c5de537ad1abe2021-12-21 11:31:58.947root 11241100x8000000000000000538225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7af99a595c6cd62021-12-21 11:31:58.947root 11241100x8000000000000000538226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00392e23a94b6d012021-12-21 11:31:58.947root 354300x8000000000000000538227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.149{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48674-false10.0.1.12-8000- 11241100x8000000000000000538228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392397cf63e007af2021-12-21 11:31:59.443root 11241100x8000000000000000538229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79723c732d16c6d02021-12-21 11:31:59.444root 11241100x8000000000000000538230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2583b2d9dbec1bde2021-12-21 11:31:59.444root 11241100x8000000000000000538231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d309d62c7ca7da2021-12-21 11:31:59.444root 11241100x8000000000000000538232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583b7f2484222c5c2021-12-21 11:31:59.444root 11241100x8000000000000000538233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d6855a748215152021-12-21 11:31:59.444root 11241100x8000000000000000538234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c86637ac7b06fc42021-12-21 11:31:59.444root 11241100x8000000000000000538235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2878f2e0ad8fc7cc2021-12-21 11:31:59.444root 11241100x8000000000000000538236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071425edf5c071fd2021-12-21 11:31:59.444root 11241100x8000000000000000538237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7365d5dd7a1feb902021-12-21 11:31:59.444root 11241100x8000000000000000538238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbe9ba243bd40572021-12-21 11:31:59.444root 11241100x8000000000000000538239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e261a7b04a8eb4de2021-12-21 11:31:59.444root 11241100x8000000000000000538240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97a15a0acaab1762021-12-21 11:31:59.444root 11241100x8000000000000000538241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440d8da5b7408cfd2021-12-21 11:31:59.445root 11241100x8000000000000000538242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210474f67419122b2021-12-21 11:31:59.445root 11241100x8000000000000000538243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a75223c30ad94c2021-12-21 11:31:59.445root 11241100x8000000000000000538244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fd22826a7e04ba2021-12-21 11:31:59.445root 11241100x8000000000000000538245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02b5c268dc5a5c82021-12-21 11:31:59.445root 11241100x8000000000000000538246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2152353bd4819cf2021-12-21 11:31:59.445root 11241100x8000000000000000538247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c84079a91be21e2021-12-21 11:31:59.445root 11241100x8000000000000000538248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b910ce396eb7be2021-12-21 11:31:59.445root 11241100x8000000000000000538249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ea38a31f5966d72021-12-21 11:31:59.445root 11241100x8000000000000000538250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d5057ee7464c62021-12-21 11:31:59.445root 11241100x8000000000000000538251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3450d731d40d1a2021-12-21 11:31:59.445root 11241100x8000000000000000538252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80f5e67975e9a2f2021-12-21 11:31:59.943root 11241100x8000000000000000538253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1783313b74da78e72021-12-21 11:31:59.943root 11241100x8000000000000000538254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5925d8eeb4236c32021-12-21 11:31:59.943root 11241100x8000000000000000538255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ec217e232ad7282021-12-21 11:31:59.943root 11241100x8000000000000000538256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a98d2d0ceebbbb12021-12-21 11:31:59.944root 11241100x8000000000000000538257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf39ad4d925409652021-12-21 11:31:59.944root 11241100x8000000000000000538258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3763541ab0dcfe0a2021-12-21 11:31:59.944root 11241100x8000000000000000538259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958cb275c395cece2021-12-21 11:31:59.944root 11241100x8000000000000000538260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5259b34a8a298a2021-12-21 11:31:59.944root 11241100x8000000000000000538261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7ad84f692f6f1a2021-12-21 11:31:59.944root 11241100x8000000000000000538262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc61991aa4c5c782021-12-21 11:31:59.944root 11241100x8000000000000000538263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e203fc86dedb09262021-12-21 11:31:59.944root 11241100x8000000000000000538264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22de84ffd562710f2021-12-21 11:31:59.944root 11241100x8000000000000000538265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5250cc053164b94b2021-12-21 11:31:59.944root 11241100x8000000000000000538266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8491a18584fa458b2021-12-21 11:31:59.944root 11241100x8000000000000000538267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e2766b82d33e52021-12-21 11:31:59.944root 11241100x8000000000000000538268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4d69b4024f7ac22021-12-21 11:31:59.944root 11241100x8000000000000000538269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb14285730550fe2021-12-21 11:31:59.944root 11241100x8000000000000000538270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b98eac48d76e632021-12-21 11:31:59.944root 11241100x8000000000000000538271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80044d5856fe85922021-12-21 11:31:59.944root 11241100x8000000000000000538272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e06f56698755fe2021-12-21 11:31:59.945root 11241100x8000000000000000538273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3631af0560343d12021-12-21 11:31:59.945root 11241100x8000000000000000538274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70e8d2a74fbd3102021-12-21 11:31:59.945root 11241100x8000000000000000538275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:31:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1798f80efeba0c2021-12-21 11:31:59.945root 11241100x8000000000000000538276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a14f2234be2c8d2021-12-21 11:32:00.443root 11241100x8000000000000000538277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f244f05693d0422021-12-21 11:32:00.443root 11241100x8000000000000000538278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1b8c82ff0f05c72021-12-21 11:32:00.444root 11241100x8000000000000000538279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a98db1f7bcee8d2021-12-21 11:32:00.444root 11241100x8000000000000000538280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883787f9457ff3582021-12-21 11:32:00.444root 11241100x8000000000000000538281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b34080b075faad2021-12-21 11:32:00.444root 11241100x8000000000000000538282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a3dd094a936ce32021-12-21 11:32:00.444root 11241100x8000000000000000538283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63d9e681100e6e92021-12-21 11:32:00.444root 11241100x8000000000000000538284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618974440197fb0a2021-12-21 11:32:00.445root 11241100x8000000000000000538285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e2c05fa48b1c002021-12-21 11:32:00.445root 11241100x8000000000000000538286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d0759a7bbd76902021-12-21 11:32:00.445root 11241100x8000000000000000538287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa2327a60b0cf352021-12-21 11:32:00.445root 11241100x8000000000000000538288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af110b4c68584c2f2021-12-21 11:32:00.445root 11241100x8000000000000000538289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc053ce468e7515e2021-12-21 11:32:00.445root 11241100x8000000000000000538290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca19029cff1f67c92021-12-21 11:32:00.445root 11241100x8000000000000000538291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd40cce6bd3d62cc2021-12-21 11:32:00.445root 11241100x8000000000000000538292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047948c2415a87082021-12-21 11:32:00.445root 11241100x8000000000000000538293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e88d0387997faf72021-12-21 11:32:00.446root 11241100x8000000000000000538294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3e91ffb56266892021-12-21 11:32:00.446root 11241100x8000000000000000538295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d45b292a1f3b8a2021-12-21 11:32:00.446root 11241100x8000000000000000538296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6230b46dd1ee1bab2021-12-21 11:32:00.446root 11241100x8000000000000000538297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480b333e22f4bddc2021-12-21 11:32:00.446root 11241100x8000000000000000538298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c049d26562a2438e2021-12-21 11:32:00.447root 11241100x8000000000000000538299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf0d3f277b09b6e2021-12-21 11:32:00.447root 11241100x8000000000000000538300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4fb7ea76205d0f2021-12-21 11:32:00.943root 11241100x8000000000000000538301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aef32f444635722021-12-21 11:32:00.943root 11241100x8000000000000000538302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb39b933094c17062021-12-21 11:32:00.943root 11241100x8000000000000000538303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8541c92cf3ec082021-12-21 11:32:00.943root 11241100x8000000000000000538304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2372f1646d8e132021-12-21 11:32:00.943root 11241100x8000000000000000538305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d346a61ce45be242021-12-21 11:32:00.943root 11241100x8000000000000000538306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f14477cfa6a38d2021-12-21 11:32:00.944root 11241100x8000000000000000538307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ed0472cc4d86292021-12-21 11:32:00.944root 11241100x8000000000000000538308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a803ea541e81ce062021-12-21 11:32:00.944root 11241100x8000000000000000538309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28def0bb01f386d42021-12-21 11:32:00.944root 11241100x8000000000000000538310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0949a3872ec572021-12-21 11:32:00.944root 11241100x8000000000000000538311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee1e6c33e418a092021-12-21 11:32:00.944root 11241100x8000000000000000538312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff7c1f1c1d597862021-12-21 11:32:00.944root 11241100x8000000000000000538313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34d53babbb181b02021-12-21 11:32:00.944root 11241100x8000000000000000538314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fc916aa46637492021-12-21 11:32:00.944root 11241100x8000000000000000538315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5560c73ab54105f62021-12-21 11:32:00.944root 11241100x8000000000000000538316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde7d8c430aef1922021-12-21 11:32:00.945root 11241100x8000000000000000538317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b02607651a216312021-12-21 11:32:00.945root 11241100x8000000000000000538318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8dea6edfa2ea262021-12-21 11:32:00.945root 11241100x8000000000000000538319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df8e04cf9293e382021-12-21 11:32:00.945root 11241100x8000000000000000538320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e6a5472fe9bda82021-12-21 11:32:00.945root 11241100x8000000000000000538321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eb5ca3e39bd4e92021-12-21 11:32:00.945root 11241100x8000000000000000538322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886e094740b270e32021-12-21 11:32:00.946root 11241100x8000000000000000538323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7d74becbb8ff432021-12-21 11:32:00.946root 11241100x8000000000000000538324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af6048cfe2a76b02021-12-21 11:32:00.946root 11241100x8000000000000000538325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b77f03ddbfa2782021-12-21 11:32:00.946root 11241100x8000000000000000538326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415d37acaa57cd02021-12-21 11:32:00.946root 11241100x8000000000000000538327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdfb317956f2c132021-12-21 11:32:00.946root 11241100x8000000000000000538328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a82f439cee901902021-12-21 11:32:00.946root 11241100x8000000000000000538329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb1668d6ebb94a02021-12-21 11:32:00.947root 11241100x8000000000000000538330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08924b4d8b831b52021-12-21 11:32:00.947root 11241100x8000000000000000538331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765579e22df45eed2021-12-21 11:32:00.947root 11241100x8000000000000000538332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fea623ba7ad3c852021-12-21 11:32:00.948root 11241100x8000000000000000538333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7fda7b98c076f72021-12-21 11:32:00.948root 11241100x8000000000000000538334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ec340313abb1382021-12-21 11:32:00.948root 11241100x8000000000000000538335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9392a22222c7ade32021-12-21 11:32:00.948root 11241100x8000000000000000538336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a161d31aa8e83f2021-12-21 11:32:00.949root 11241100x8000000000000000538337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd5481851e90b852021-12-21 11:32:00.949root 11241100x8000000000000000538338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502b86c9c7a3cb682021-12-21 11:32:00.949root 11241100x8000000000000000538339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b21f96002e5f132021-12-21 11:32:01.443root 11241100x8000000000000000538340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab6e6a6eec09da12021-12-21 11:32:01.443root 11241100x8000000000000000538341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdba9867f6507f62021-12-21 11:32:01.443root 11241100x8000000000000000538342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde5060ca61519ca2021-12-21 11:32:01.443root 11241100x8000000000000000538343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a021146ba34cc9532021-12-21 11:32:01.444root 11241100x8000000000000000538344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a232dabd84d502af2021-12-21 11:32:01.444root 11241100x8000000000000000538345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e553ce5ff38042e62021-12-21 11:32:01.444root 11241100x8000000000000000538346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9155ec035f0fc5ed2021-12-21 11:32:01.444root 11241100x8000000000000000538347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6ca5f70e9648132021-12-21 11:32:01.444root 11241100x8000000000000000538348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edb74a8c6c989402021-12-21 11:32:01.444root 11241100x8000000000000000538349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988cf4d9399db75b2021-12-21 11:32:01.444root 11241100x8000000000000000538350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3147d21a5bf31a2021-12-21 11:32:01.444root 11241100x8000000000000000538351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bf965f479c08572021-12-21 11:32:01.444root 11241100x8000000000000000538352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146f6455b7ef830b2021-12-21 11:32:01.444root 11241100x8000000000000000538353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79b41de771f60652021-12-21 11:32:01.444root 11241100x8000000000000000538354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79678efb5b54add2021-12-21 11:32:01.445root 11241100x8000000000000000538355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab61950dfb474342021-12-21 11:32:01.445root 11241100x8000000000000000538356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a9e6fff98b49bd2021-12-21 11:32:01.445root 11241100x8000000000000000538357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0917a7af05135452021-12-21 11:32:01.445root 11241100x8000000000000000538358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde960fa2fef80d62021-12-21 11:32:01.445root 11241100x8000000000000000538359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b9aec100b0ea362021-12-21 11:32:01.445root 11241100x8000000000000000538360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b400d2072cef5c52021-12-21 11:32:01.445root 11241100x8000000000000000538361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b5b9aab77cb2052021-12-21 11:32:01.445root 11241100x8000000000000000538362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c214e966287ea22021-12-21 11:32:01.445root 11241100x8000000000000000538363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498e99ac3b25dc5f2021-12-21 11:32:01.943root 11241100x8000000000000000538364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1255b6250aac4e7c2021-12-21 11:32:01.943root 11241100x8000000000000000538365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6293dac812960f32021-12-21 11:32:01.943root 11241100x8000000000000000538366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33dae6bd155f7db2021-12-21 11:32:01.943root 11241100x8000000000000000538367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b57d8ba7d2e34e82021-12-21 11:32:01.944root 11241100x8000000000000000538368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3beef241b406bf3f2021-12-21 11:32:01.944root 11241100x8000000000000000538369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d069e7ddb68f362021-12-21 11:32:01.944root 11241100x8000000000000000538370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cbf1df83cb3b112021-12-21 11:32:01.944root 11241100x8000000000000000538371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d201b3ee8bfad32021-12-21 11:32:01.944root 11241100x8000000000000000538372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf7ae6d9dfc3bfb2021-12-21 11:32:01.944root 11241100x8000000000000000538373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75998557eea08292021-12-21 11:32:01.944root 11241100x8000000000000000538374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8dbf008d9045e22021-12-21 11:32:01.944root 11241100x8000000000000000538375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a91e458499e4aa92021-12-21 11:32:01.944root 11241100x8000000000000000538376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d39df6d40e6ceb12021-12-21 11:32:01.945root 11241100x8000000000000000538377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82c9bb1c1022ade2021-12-21 11:32:01.945root 11241100x8000000000000000538378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb81a6e5ec0ee4ba2021-12-21 11:32:01.945root 11241100x8000000000000000538379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3debf04a8223c752021-12-21 11:32:01.945root 11241100x8000000000000000538380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d25439d489085d2021-12-21 11:32:01.945root 11241100x8000000000000000538381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a4596941d22a3e2021-12-21 11:32:01.945root 11241100x8000000000000000538382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e0fc877d1c90482021-12-21 11:32:01.945root 11241100x8000000000000000538383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8def485c2dfc73002021-12-21 11:32:01.945root 11241100x8000000000000000538384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a38f2c474df3892021-12-21 11:32:01.945root 11241100x8000000000000000538385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea90a925be6c62e2021-12-21 11:32:01.945root 11241100x8000000000000000538386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f56bff6df896d2d2021-12-21 11:32:01.945root 11241100x8000000000000000538387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc3185d3d76a3fa2021-12-21 11:32:02.443root 11241100x8000000000000000538388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34afb67bbd824972021-12-21 11:32:02.443root 11241100x8000000000000000538389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b33875535c4d8102021-12-21 11:32:02.443root 11241100x8000000000000000538390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4cf4d6b607256c2021-12-21 11:32:02.444root 11241100x8000000000000000538391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8fd4e0b780437e2021-12-21 11:32:02.444root 11241100x8000000000000000538392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a881e2febba3b562021-12-21 11:32:02.444root 11241100x8000000000000000538393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9147637bc9f8da2021-12-21 11:32:02.444root 11241100x8000000000000000538394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9099a2b07faa00222021-12-21 11:32:02.444root 11241100x8000000000000000538395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced5fcb9ec90cd782021-12-21 11:32:02.444root 11241100x8000000000000000538396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e6350280b7526d2021-12-21 11:32:02.444root 11241100x8000000000000000538397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90b9f3e65afd3e92021-12-21 11:32:02.445root 11241100x8000000000000000538398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a4d5c7173266c42021-12-21 11:32:02.445root 11241100x8000000000000000538399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aecb7778a060da2021-12-21 11:32:02.445root 11241100x8000000000000000538400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f6f813d7d9be832021-12-21 11:32:02.445root 11241100x8000000000000000538401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3299039072812af2021-12-21 11:32:02.445root 11241100x8000000000000000538402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dda91fd973e34ae2021-12-21 11:32:02.445root 11241100x8000000000000000538403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280ae3c50cbebc602021-12-21 11:32:02.445root 11241100x8000000000000000538404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22b1711e1ea05782021-12-21 11:32:02.445root 11241100x8000000000000000538405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4062aca369e04d2021-12-21 11:32:02.445root 11241100x8000000000000000538406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe24e6897fcea672021-12-21 11:32:02.445root 11241100x8000000000000000538407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a78f5f80a065d42021-12-21 11:32:02.446root 11241100x8000000000000000538408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089272a5fd8093ab2021-12-21 11:32:02.446root 11241100x8000000000000000538409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd463a413ce226f52021-12-21 11:32:02.446root 11241100x8000000000000000538410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e7d8f5bbd219132021-12-21 11:32:02.446root 11241100x8000000000000000538411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbb363532a061012021-12-21 11:32:02.446root 11241100x8000000000000000538412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd0a8836c2339f42021-12-21 11:32:02.446root 11241100x8000000000000000538413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c67d69dbf1e04a2021-12-21 11:32:02.446root 11241100x8000000000000000538414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db559ddd61b23192021-12-21 11:32:02.446root 11241100x8000000000000000538415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ddbc92c12ec2d42021-12-21 11:32:02.943root 11241100x8000000000000000538416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d139840f4fb9836f2021-12-21 11:32:02.943root 11241100x8000000000000000538417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e3b1f0effe8deb2021-12-21 11:32:02.943root 11241100x8000000000000000538418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf73e60c3fe50ed22021-12-21 11:32:02.943root 11241100x8000000000000000538419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06b447e63708a042021-12-21 11:32:02.943root 11241100x8000000000000000538420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7df98bc9e0569832021-12-21 11:32:02.943root 11241100x8000000000000000538421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdbe62ff39e12b82021-12-21 11:32:02.943root 11241100x8000000000000000538422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a941a3ab8a5fbb9c2021-12-21 11:32:02.943root 11241100x8000000000000000538423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fb1b1346207ccb2021-12-21 11:32:02.944root 11241100x8000000000000000538424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce382656d670b12021-12-21 11:32:02.944root 11241100x8000000000000000538425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5f6d0cdcd303d2021-12-21 11:32:02.944root 11241100x8000000000000000538426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8bb27c4adefd6e2021-12-21 11:32:02.944root 11241100x8000000000000000538427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816e7b1c750bba702021-12-21 11:32:02.944root 11241100x8000000000000000538428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824c4bd182bf295b2021-12-21 11:32:02.944root 11241100x8000000000000000538429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7917efd8318293782021-12-21 11:32:02.944root 11241100x8000000000000000538430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911437a5bfba4b7c2021-12-21 11:32:02.944root 11241100x8000000000000000538431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca470ae8f46e55272021-12-21 11:32:02.944root 11241100x8000000000000000538432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c7eef33b0432ce2021-12-21 11:32:02.944root 11241100x8000000000000000538433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd70f65c66281c292021-12-21 11:32:02.945root 11241100x8000000000000000538434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967c1b7b2ee0d0fd2021-12-21 11:32:02.945root 11241100x8000000000000000538435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b09c427555086942021-12-21 11:32:02.945root 11241100x8000000000000000538436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a8360b0068d1f82021-12-21 11:32:02.945root 11241100x8000000000000000538437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834524cce15ea7d22021-12-21 11:32:02.945root 11241100x8000000000000000538438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9212534f663aa72021-12-21 11:32:02.945root 11241100x8000000000000000538439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef3cd40f14a1cbb2021-12-21 11:32:02.946root 11241100x8000000000000000538440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc018aec0cbc1ab2021-12-21 11:32:02.946root 11241100x8000000000000000538441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc225e319651d4fe2021-12-21 11:32:02.946root 11241100x8000000000000000538442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb901c22877317a2021-12-21 11:32:02.946root 11241100x8000000000000000538443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aaf6ba31a5e96b2021-12-21 11:32:02.946root 11241100x8000000000000000538444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d833922b861963a2021-12-21 11:32:02.946root 11241100x8000000000000000538445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3955259512fcce2021-12-21 11:32:02.946root 11241100x8000000000000000538446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a57666ebd300c232021-12-21 11:32:02.946root 11241100x8000000000000000538447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f600bcb111210cbc2021-12-21 11:32:02.946root 11241100x8000000000000000538448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9300fbb9672456fc2021-12-21 11:32:02.946root 11241100x8000000000000000538449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb340cd2515132b82021-12-21 11:32:02.946root 11241100x8000000000000000538450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7403ef9958c28b532021-12-21 11:32:02.947root 11241100x8000000000000000538451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2a104c7a920632021-12-21 11:32:02.947root 11241100x8000000000000000538452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757d52ef975c2cd92021-12-21 11:32:02.947root 11241100x8000000000000000538453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7d54f282ed51352021-12-21 11:32:02.947root 11241100x8000000000000000538454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648d828a5ebced9c2021-12-21 11:32:02.947root 11241100x8000000000000000538455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e006eeb903d5d8612021-12-21 11:32:02.947root 11241100x8000000000000000538456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a78f3d7136facb52021-12-21 11:32:02.947root 11241100x8000000000000000538457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342caa69c902ba3f2021-12-21 11:32:03.443root 11241100x8000000000000000538458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6f7c87587a6acd2021-12-21 11:32:03.443root 11241100x8000000000000000538459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29efcd6bec83107f2021-12-21 11:32:03.443root 11241100x8000000000000000538460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc73415a50cf2a452021-12-21 11:32:03.443root 11241100x8000000000000000538461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53923a4f804b4e252021-12-21 11:32:03.444root 11241100x8000000000000000538462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba764a25f1fcd68c2021-12-21 11:32:03.444root 11241100x8000000000000000538463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8218c2fc858d9ed2021-12-21 11:32:03.444root 11241100x8000000000000000538464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9215716542ed90f32021-12-21 11:32:03.444root 11241100x8000000000000000538465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b62d470502b5cd52021-12-21 11:32:03.444root 11241100x8000000000000000538466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39739638c9acc73c2021-12-21 11:32:03.444root 11241100x8000000000000000538467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f8a1a26c260d22021-12-21 11:32:03.444root 11241100x8000000000000000538468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525e63570ce5a0af2021-12-21 11:32:03.444root 11241100x8000000000000000538469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824ae9bbd11b0da02021-12-21 11:32:03.444root 11241100x8000000000000000538470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ab8dd30d6b4d52021-12-21 11:32:03.444root 11241100x8000000000000000538471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92a77301046accc2021-12-21 11:32:03.444root 11241100x8000000000000000538472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c905532f4b44f852021-12-21 11:32:03.444root 11241100x8000000000000000538473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1496893dc4c6432021-12-21 11:32:03.444root 11241100x8000000000000000538474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb80598c43b62a2021-12-21 11:32:03.444root 11241100x8000000000000000538475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67454b49aab5bf5b2021-12-21 11:32:03.444root 11241100x8000000000000000538476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ebee49227977a42021-12-21 11:32:03.444root 11241100x8000000000000000538477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9684b44adb1a12842021-12-21 11:32:03.445root 11241100x8000000000000000538478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49e46d6963fb4b12021-12-21 11:32:03.445root 11241100x8000000000000000538479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7477a56c487df0e82021-12-21 11:32:03.445root 11241100x8000000000000000538480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37443eb0d47ff9512021-12-21 11:32:03.445root 11241100x8000000000000000538481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2df790e28980822021-12-21 11:32:03.943root 11241100x8000000000000000538482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8e77054cbce84d2021-12-21 11:32:03.943root 11241100x8000000000000000538483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8e100d0da75192021-12-21 11:32:03.943root 11241100x8000000000000000538484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba84fc067d8ed7ff2021-12-21 11:32:03.943root 11241100x8000000000000000538485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba753abce1006652021-12-21 11:32:03.943root 11241100x8000000000000000538486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae97f93f1c223f4b2021-12-21 11:32:03.943root 11241100x8000000000000000538487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f7915dac55a9e62021-12-21 11:32:03.943root 11241100x8000000000000000538488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb326366657249d2021-12-21 11:32:03.944root 11241100x8000000000000000538489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978f6f32a1dd62872021-12-21 11:32:03.944root 11241100x8000000000000000538490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a64f73e1b2400b2021-12-21 11:32:03.944root 11241100x8000000000000000538491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97351704f26f4652021-12-21 11:32:03.944root 11241100x8000000000000000538492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2152db21508ecda2021-12-21 11:32:03.944root 11241100x8000000000000000538493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb61e269533a5d612021-12-21 11:32:03.944root 11241100x8000000000000000538494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e7d844bb875d492021-12-21 11:32:03.944root 11241100x8000000000000000538495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205988ed031656cd2021-12-21 11:32:03.944root 11241100x8000000000000000538496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a15d8d9072fc1ea2021-12-21 11:32:03.944root 11241100x8000000000000000538497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df24597c3149b0b12021-12-21 11:32:03.944root 11241100x8000000000000000538498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1e934bd7e6237f2021-12-21 11:32:03.944root 11241100x8000000000000000538499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ca6519f7fd007a2021-12-21 11:32:03.945root 11241100x8000000000000000538500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2b523b7b8950392021-12-21 11:32:03.945root 11241100x8000000000000000538501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e6f7e52ab7255a2021-12-21 11:32:03.945root 11241100x8000000000000000538502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552fc2b6b133607d2021-12-21 11:32:03.945root 11241100x8000000000000000538503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdc7d94af7a15322021-12-21 11:32:03.945root 11241100x8000000000000000538504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084a7460aaa8d7322021-12-21 11:32:03.945root 11241100x8000000000000000538505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b25aa5f2509c4e52021-12-21 11:32:03.945root 11241100x8000000000000000538506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d88cc5071202232021-12-21 11:32:03.945root 11241100x8000000000000000538507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130e7ab23d40d3ec2021-12-21 11:32:03.945root 11241100x8000000000000000538508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c03a42894bc440f2021-12-21 11:32:03.945root 11241100x8000000000000000538509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdcbc3200440c5f2021-12-21 11:32:03.946root 354300x8000000000000000538510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.256{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48676-false10.0.1.12-8000- 11241100x8000000000000000538511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a77cee2cf07d2d2021-12-21 11:32:04.257root 11241100x8000000000000000538512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31723e4f32aa9ce02021-12-21 11:32:04.257root 11241100x8000000000000000538513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cad7e61e4c80ff2021-12-21 11:32:04.257root 11241100x8000000000000000538514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aed478d546174e2021-12-21 11:32:04.257root 11241100x8000000000000000538515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d22ea0c409dfb7f2021-12-21 11:32:04.257root 11241100x8000000000000000538516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1241d62eb775e3382021-12-21 11:32:04.257root 11241100x8000000000000000538517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338817e526896eeb2021-12-21 11:32:04.257root 11241100x8000000000000000538518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e219205f0f97f2021-12-21 11:32:04.258root 11241100x8000000000000000538519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df605d7f47ff1ec2021-12-21 11:32:04.258root 11241100x8000000000000000538520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48355fd4845799f62021-12-21 11:32:04.258root 11241100x8000000000000000538521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311ab86c2df7f232021-12-21 11:32:04.258root 11241100x8000000000000000538522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2e67ca22bb3b322021-12-21 11:32:04.258root 11241100x8000000000000000538523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e65779f93a7db12021-12-21 11:32:04.258root 11241100x8000000000000000538524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d21c0d653a8b4852021-12-21 11:32:04.258root 11241100x8000000000000000538525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3c5eee58750b3a2021-12-21 11:32:04.258root 11241100x8000000000000000538526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee49a1b10178a0a52021-12-21 11:32:04.259root 11241100x8000000000000000538527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb24c2e4500d1952021-12-21 11:32:04.259root 11241100x8000000000000000538528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef031f9a92791eda2021-12-21 11:32:04.259root 11241100x8000000000000000538529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c2c25ac585b102021-12-21 11:32:04.259root 11241100x8000000000000000538530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a959cee86304182021-12-21 11:32:04.259root 11241100x8000000000000000538531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea18f773c63527442021-12-21 11:32:04.259root 11241100x8000000000000000538532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa049dc18b90df2021-12-21 11:32:04.259root 11241100x8000000000000000538533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a09caf7cd9f5e372021-12-21 11:32:04.259root 11241100x8000000000000000538534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecf3b974f4569b52021-12-21 11:32:04.260root 11241100x8000000000000000538535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227f90d876a8a4da2021-12-21 11:32:04.260root 11241100x8000000000000000538536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c192717248422a2021-12-21 11:32:04.260root 11241100x8000000000000000538537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496bf0d78cb590d12021-12-21 11:32:04.260root 11241100x8000000000000000538538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61911148bc0fc72021-12-21 11:32:04.260root 11241100x8000000000000000538539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc495c0ababfaf682021-12-21 11:32:04.260root 11241100x8000000000000000538540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ba0ac901b50e912021-12-21 11:32:04.260root 11241100x8000000000000000538541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75c2534071ecc5b2021-12-21 11:32:04.260root 11241100x8000000000000000538542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fd96f98fe1042c2021-12-21 11:32:04.260root 11241100x8000000000000000538543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724cb6ebf716d702021-12-21 11:32:04.260root 11241100x8000000000000000538544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa44b1c9edd1dc12021-12-21 11:32:04.260root 11241100x8000000000000000538545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72aaf53dbfc1acd2021-12-21 11:32:04.261root 11241100x8000000000000000538546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a705a73d5c3132021-12-21 11:32:04.261root 11241100x8000000000000000538547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5828535904ad18112021-12-21 11:32:04.261root 11241100x8000000000000000538548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38782b5477c507442021-12-21 11:32:04.261root 11241100x8000000000000000538549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dd0018700121752021-12-21 11:32:04.261root 11241100x8000000000000000538550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0109ed101a4314a2021-12-21 11:32:04.261root 11241100x8000000000000000538551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.261{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ced58581267e8c2021-12-21 11:32:04.261root 11241100x8000000000000000538552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8586d1187f61cad92021-12-21 11:32:04.693root 11241100x8000000000000000538553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8528bfbddafb2c82021-12-21 11:32:04.693root 11241100x8000000000000000538554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec189ff7829c94f02021-12-21 11:32:04.693root 11241100x8000000000000000538555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca677ac63e3c9a72021-12-21 11:32:04.693root 11241100x8000000000000000538556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8da6566e120ff8a2021-12-21 11:32:04.693root 11241100x8000000000000000538557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce916876b697af7e2021-12-21 11:32:04.693root 11241100x8000000000000000538558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dedf21f6b7413b2021-12-21 11:32:04.694root 11241100x8000000000000000538559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390a90ab50c949432021-12-21 11:32:04.694root 11241100x8000000000000000538560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c6c2c79b0e97b2021-12-21 11:32:04.694root 11241100x8000000000000000538561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deaab01828fc52c2021-12-21 11:32:04.694root 11241100x8000000000000000538562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b899e9034083c02021-12-21 11:32:04.694root 11241100x8000000000000000538563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8290487c5c2c4a2021-12-21 11:32:04.694root 11241100x8000000000000000538564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd077b80668a4fa62021-12-21 11:32:04.695root 11241100x8000000000000000538565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ef9a1f63bf14cd2021-12-21 11:32:04.695root 11241100x8000000000000000538566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97242306594edc232021-12-21 11:32:04.695root 11241100x8000000000000000538567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78128c731853e1f2021-12-21 11:32:04.695root 11241100x8000000000000000538568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8cee83216a00772021-12-21 11:32:04.695root 11241100x8000000000000000538569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f81bae241c4876f2021-12-21 11:32:04.696root 11241100x8000000000000000538570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc54f03d0928b9732021-12-21 11:32:04.696root 11241100x8000000000000000538571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60328c4da3925b2021-12-21 11:32:04.696root 11241100x8000000000000000538572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1e1769846087112021-12-21 11:32:04.696root 11241100x8000000000000000538573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd578fbf6c4f7222021-12-21 11:32:04.696root 11241100x8000000000000000538574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d5f9f516de7d42021-12-21 11:32:04.696root 11241100x8000000000000000538575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e2cf376ea63142021-12-21 11:32:04.696root 11241100x8000000000000000538576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83990ff3d8a1c5062021-12-21 11:32:04.697root 11241100x8000000000000000538577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ee1152f4b7ec732021-12-21 11:32:05.193root 11241100x8000000000000000538578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db5412f92c8fc0f2021-12-21 11:32:05.194root 11241100x8000000000000000538579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7341c24b88a9efc52021-12-21 11:32:05.194root 11241100x8000000000000000538580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfdf6bc60f17c782021-12-21 11:32:05.194root 11241100x8000000000000000538581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7e04f21d7695cb2021-12-21 11:32:05.194root 11241100x8000000000000000538582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301e83ec012b71662021-12-21 11:32:05.194root 11241100x8000000000000000538583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afc850c9a5c84352021-12-21 11:32:05.194root 11241100x8000000000000000538584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2d091848ae41022021-12-21 11:32:05.194root 11241100x8000000000000000538585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfee386acdec97c2021-12-21 11:32:05.194root 11241100x8000000000000000538586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7267b8875ec33482021-12-21 11:32:05.194root 11241100x8000000000000000538587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b55b0ef6ff3e1bf2021-12-21 11:32:05.194root 11241100x8000000000000000538588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42ddac6d051a9512021-12-21 11:32:05.195root 11241100x8000000000000000538589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6910bba4a219782021-12-21 11:32:05.195root 11241100x8000000000000000538590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b771ff623a968af92021-12-21 11:32:05.195root 11241100x8000000000000000538591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8551676176bfcf2021-12-21 11:32:05.195root 11241100x8000000000000000538592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b778120068ba7c2021-12-21 11:32:05.195root 11241100x8000000000000000538593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492beeddbd69859d2021-12-21 11:32:05.195root 11241100x8000000000000000538594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6315daa517036b32021-12-21 11:32:05.195root 11241100x8000000000000000538595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459da2b22c431c62021-12-21 11:32:05.195root 11241100x8000000000000000538596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09262a9f3b5ca232021-12-21 11:32:05.196root 11241100x8000000000000000538597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2ac51451ae95742021-12-21 11:32:05.196root 11241100x8000000000000000538598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc7b4e90f5c619b2021-12-21 11:32:05.196root 11241100x8000000000000000538599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dfc5d625d052b22021-12-21 11:32:05.196root 11241100x8000000000000000538600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53431daa4d457bb2021-12-21 11:32:05.196root 11241100x8000000000000000538601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bcfccffc9a45e82021-12-21 11:32:05.196root 11241100x8000000000000000538602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deaee44ae37dd512021-12-21 11:32:05.693root 11241100x8000000000000000538603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca146e0d5bddb002021-12-21 11:32:05.693root 11241100x8000000000000000538604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103253e287df87932021-12-21 11:32:05.693root 11241100x8000000000000000538605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f87a877a5f90aaf2021-12-21 11:32:05.693root 11241100x8000000000000000538606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedc7df52226ac492021-12-21 11:32:05.693root 11241100x8000000000000000538607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e240d3c53ce1b22021-12-21 11:32:05.693root 11241100x8000000000000000538608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e62c53115b15702021-12-21 11:32:05.693root 11241100x8000000000000000538609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f35d6e22fbc7f82021-12-21 11:32:05.694root 11241100x8000000000000000538610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6631742e25dd7f392021-12-21 11:32:05.694root 11241100x8000000000000000538611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fb6606c172129d2021-12-21 11:32:05.694root 11241100x8000000000000000538612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb77c79c4daa96362021-12-21 11:32:05.694root 11241100x8000000000000000538613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077cd332f67573f42021-12-21 11:32:05.694root 11241100x8000000000000000538614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5408abf45e331b552021-12-21 11:32:05.694root 11241100x8000000000000000538615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a560f96037873e402021-12-21 11:32:05.694root 11241100x8000000000000000538616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128bc29b159fc65c2021-12-21 11:32:05.694root 11241100x8000000000000000538617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0bf4f852347d842021-12-21 11:32:05.694root 11241100x8000000000000000538618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1effe54a6d0f7a602021-12-21 11:32:05.694root 11241100x8000000000000000538619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae538bc79283c52021-12-21 11:32:05.694root 11241100x8000000000000000538620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b95398b13bcbf62021-12-21 11:32:05.695root 11241100x8000000000000000538621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dcfa5e2de910a52021-12-21 11:32:05.695root 11241100x8000000000000000538622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab845cc080ac659e2021-12-21 11:32:05.695root 11241100x8000000000000000538623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1c8b58f0bbce282021-12-21 11:32:05.695root 11241100x8000000000000000538624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8d511691c9e2dc2021-12-21 11:32:05.696root 11241100x8000000000000000538625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d184dbe020b9502021-12-21 11:32:05.696root 11241100x8000000000000000538626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5486ced1a60f26d62021-12-21 11:32:05.696root 11241100x8000000000000000538627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9cd5a6264a0fb72021-12-21 11:32:05.696root 11241100x8000000000000000538628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21219855d6af8ba82021-12-21 11:32:05.696root 11241100x8000000000000000538629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fef736d30e769e2021-12-21 11:32:05.696root 11241100x8000000000000000538630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5901a23b13c00e42021-12-21 11:32:05.696root 11241100x8000000000000000538631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657e7acd782604862021-12-21 11:32:05.696root 11241100x8000000000000000538632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fed578401c993962021-12-21 11:32:05.696root 11241100x8000000000000000538633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1694c282cf074c942021-12-21 11:32:05.697root 11241100x8000000000000000538634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57b5ea54a9bca502021-12-21 11:32:05.697root 11241100x8000000000000000538635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0993aaa085c64e772021-12-21 11:32:05.697root 11241100x8000000000000000538636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60abd83e619fc8462021-12-21 11:32:05.697root 11241100x8000000000000000538637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a189e574cb9b722021-12-21 11:32:05.697root 11241100x8000000000000000538638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42091db62b84919d2021-12-21 11:32:05.697root 11241100x8000000000000000538639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc82511a382d3cbc2021-12-21 11:32:05.698root 11241100x8000000000000000538640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b5f43e4d0118742021-12-21 11:32:05.698root 11241100x8000000000000000538641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a8dd3d218261242021-12-21 11:32:05.698root 11241100x8000000000000000538642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c07e46d77589852021-12-21 11:32:05.698root 11241100x8000000000000000538643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffa10c0779f65472021-12-21 11:32:05.698root 11241100x8000000000000000538644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:05.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b430e93e558268782021-12-21 11:32:05.698root 11241100x8000000000000000538645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad55fa9ab3b6e582021-12-21 11:32:06.192root 11241100x8000000000000000538646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47de3513e458aa1e2021-12-21 11:32:06.193root 11241100x8000000000000000538647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936680a0a8914d712021-12-21 11:32:06.193root 11241100x8000000000000000538648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fe9793ea36630e2021-12-21 11:32:06.193root 11241100x8000000000000000538649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee592f09da4e5ede2021-12-21 11:32:06.194root 11241100x8000000000000000538650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e53b76d2cfe16ea2021-12-21 11:32:06.194root 11241100x8000000000000000538651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c5a192798cfd632021-12-21 11:32:06.194root 11241100x8000000000000000538652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cf311c7575cf442021-12-21 11:32:06.194root 11241100x8000000000000000538653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928b90fc5f801d322021-12-21 11:32:06.195root 11241100x8000000000000000538654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bc0b4779fefbec2021-12-21 11:32:06.195root 11241100x8000000000000000538655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc417586cb13a8a2021-12-21 11:32:06.195root 11241100x8000000000000000538656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991263915e748d5e2021-12-21 11:32:06.195root 11241100x8000000000000000538657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f37204135109da2021-12-21 11:32:06.195root 11241100x8000000000000000538658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b874dbd795048fe2021-12-21 11:32:06.195root 11241100x8000000000000000538659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d9f2e89a19ac842021-12-21 11:32:06.195root 11241100x8000000000000000538660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9784ad0d49d7ea532021-12-21 11:32:06.195root 11241100x8000000000000000538661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a690731e6e8f5c2021-12-21 11:32:06.196root 11241100x8000000000000000538662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d2329f14fadfad2021-12-21 11:32:06.196root 11241100x8000000000000000538663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01ddca09477f3162021-12-21 11:32:06.196root 11241100x8000000000000000538664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648b36d8cdb5a8392021-12-21 11:32:06.196root 11241100x8000000000000000538665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808bb030082f581c2021-12-21 11:32:06.196root 11241100x8000000000000000538666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7364bc17b0dff82021-12-21 11:32:06.198root 11241100x8000000000000000538667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ccc1c9144434f72021-12-21 11:32:06.198root 11241100x8000000000000000538668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5300232d789cbd9a2021-12-21 11:32:06.198root 11241100x8000000000000000538669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c5ee2168dd21ed2021-12-21 11:32:06.199root 11241100x8000000000000000538670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06df93224bcaa84f2021-12-21 11:32:06.200root 11241100x8000000000000000538671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecec7bf1c0e848d2021-12-21 11:32:06.200root 11241100x8000000000000000538672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16fce92fb61dc7a2021-12-21 11:32:06.200root 11241100x8000000000000000538673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfee005d54d0d992021-12-21 11:32:06.201root 11241100x8000000000000000538674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9d73114ef0dbc52021-12-21 11:32:06.201root 11241100x8000000000000000538675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722d6c573c9d47962021-12-21 11:32:06.202root 11241100x8000000000000000538676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fb793bb032c5cd2021-12-21 11:32:06.203root 11241100x8000000000000000538677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.326{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:32:06.326root 11241100x8000000000000000538678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95351b04ff738fdf2021-12-21 11:32:06.693root 11241100x8000000000000000538679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a946d47b61c12b442021-12-21 11:32:06.693root 11241100x8000000000000000538680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba21218e2c3dd232021-12-21 11:32:06.693root 11241100x8000000000000000538681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f777e8fa1dedf72021-12-21 11:32:06.693root 11241100x8000000000000000538682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c476881120d1c0ed2021-12-21 11:32:06.693root 11241100x8000000000000000538683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35779678bf01d4262021-12-21 11:32:06.694root 11241100x8000000000000000538684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8b885df835b1342021-12-21 11:32:06.694root 11241100x8000000000000000538685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eb43e60ed7c7a12021-12-21 11:32:06.694root 11241100x8000000000000000538686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92049e0b49e1ccb2021-12-21 11:32:06.694root 11241100x8000000000000000538687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb45b4553a197f2021-12-21 11:32:06.694root 11241100x8000000000000000538688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f02d8dde06c03af2021-12-21 11:32:06.694root 11241100x8000000000000000538689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda288c38a7f4ec12021-12-21 11:32:06.694root 11241100x8000000000000000538690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1273a07dbeaf95482021-12-21 11:32:06.694root 11241100x8000000000000000538691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaba97a922adf4d2021-12-21 11:32:06.694root 11241100x8000000000000000538692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824a825763766ce32021-12-21 11:32:06.694root 11241100x8000000000000000538693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2373d55da838dfa2021-12-21 11:32:06.694root 11241100x8000000000000000538694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98a68cd06a541922021-12-21 11:32:06.694root 11241100x8000000000000000538695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6f899e169559ad2021-12-21 11:32:06.694root 11241100x8000000000000000538696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f79e2b2283a712021-12-21 11:32:06.694root 11241100x8000000000000000538697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e218b61c948c3e2021-12-21 11:32:06.694root 11241100x8000000000000000538698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15316c23b3f328f42021-12-21 11:32:06.695root 11241100x8000000000000000538699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8a8fa9187b6a8c2021-12-21 11:32:06.695root 11241100x8000000000000000538700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8494eb8c20a406a92021-12-21 11:32:06.695root 11241100x8000000000000000538701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e2e3775bb257682021-12-21 11:32:06.695root 11241100x8000000000000000538702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd0eb889725a3522021-12-21 11:32:06.695root 11241100x8000000000000000538703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b725e6c6cf1c66c2021-12-21 11:32:06.695root 11241100x8000000000000000538704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258245193e3ad53b2021-12-21 11:32:06.695root 11241100x8000000000000000538705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dceac64fb82634082021-12-21 11:32:06.695root 11241100x8000000000000000538706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20845af2d7eed6f42021-12-21 11:32:06.695root 11241100x8000000000000000538707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5980be2afd253012021-12-21 11:32:06.696root 11241100x8000000000000000538708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271a7bf5f853c2de2021-12-21 11:32:06.696root 11241100x8000000000000000538709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef3f36dd519d85f2021-12-21 11:32:06.697root 11241100x8000000000000000538710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e98aa3081cbb2e2021-12-21 11:32:06.697root 11241100x8000000000000000538711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8964cfcbd0dd301e2021-12-21 11:32:07.193root 11241100x8000000000000000538712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93879d02ac7e319d2021-12-21 11:32:07.193root 11241100x8000000000000000538713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e82eaf13ddfc8da2021-12-21 11:32:07.193root 11241100x8000000000000000538714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529695ba030e2f3b2021-12-21 11:32:07.193root 11241100x8000000000000000538715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8abe0e3bb104aa2021-12-21 11:32:07.193root 11241100x8000000000000000538716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7e163ea4a820c62021-12-21 11:32:07.193root 11241100x8000000000000000538717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4cb8cffa99e8e72021-12-21 11:32:07.193root 11241100x8000000000000000538718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26248863d220f2572021-12-21 11:32:07.194root 11241100x8000000000000000538719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c123e7ecea028502021-12-21 11:32:07.194root 11241100x8000000000000000538720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82afa7d9b2d791242021-12-21 11:32:07.194root 11241100x8000000000000000538721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b29f74e5b314432021-12-21 11:32:07.194root 11241100x8000000000000000538722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0776010a6c3ab2021-12-21 11:32:07.194root 11241100x8000000000000000538723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbea3b74ffcd93382021-12-21 11:32:07.194root 11241100x8000000000000000538724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58eeb7b2c806cd4e2021-12-21 11:32:07.194root 11241100x8000000000000000538725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af8cf673a73185f2021-12-21 11:32:07.194root 11241100x8000000000000000538726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f57d3c02ab73d42021-12-21 11:32:07.194root 11241100x8000000000000000538727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717d670f57568b542021-12-21 11:32:07.194root 11241100x8000000000000000538728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0c486aa71be5c12021-12-21 11:32:07.194root 11241100x8000000000000000538729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca54221dfc8b9b8f2021-12-21 11:32:07.194root 11241100x8000000000000000538730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c68ba94e9470942021-12-21 11:32:07.194root 11241100x8000000000000000538731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02362848a574612021-12-21 11:32:07.195root 11241100x8000000000000000538732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcb85d723938f6b2021-12-21 11:32:07.195root 11241100x8000000000000000538733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c99b85c889292c52021-12-21 11:32:07.195root 11241100x8000000000000000538734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5fc4a91f757bb2021-12-21 11:32:07.195root 11241100x8000000000000000538735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ff3594e4e750c2021-12-21 11:32:07.195root 11241100x8000000000000000538736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8bf64582de0de22021-12-21 11:32:07.195root 11241100x8000000000000000538737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e229909ab805a14a2021-12-21 11:32:07.693root 11241100x8000000000000000538738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f9545472d1ff22021-12-21 11:32:07.693root 11241100x8000000000000000538739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88e7a8de0aa70bc2021-12-21 11:32:07.693root 11241100x8000000000000000538740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4f85a172775e172021-12-21 11:32:07.693root 11241100x8000000000000000538741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468c7c7f451a49e32021-12-21 11:32:07.693root 11241100x8000000000000000538742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f85e0579c003392021-12-21 11:32:07.693root 11241100x8000000000000000538743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0b6cc4f728d8a82021-12-21 11:32:07.693root 11241100x8000000000000000538744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba9dba957f198c02021-12-21 11:32:07.693root 11241100x8000000000000000538745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c997b1b89e72ca22021-12-21 11:32:07.693root 11241100x8000000000000000538746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb1acd795e3fe8f2021-12-21 11:32:07.694root 11241100x8000000000000000538747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36ff9ffb6da3a2d2021-12-21 11:32:07.694root 11241100x8000000000000000538748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c5d6962c3c8a572021-12-21 11:32:07.694root 11241100x8000000000000000538749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c403f50818a1f6972021-12-21 11:32:07.694root 11241100x8000000000000000538750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3151a9abfa4dd012021-12-21 11:32:07.694root 11241100x8000000000000000538751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30171471e5891cab2021-12-21 11:32:07.694root 11241100x8000000000000000538752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af5ffc4dce39fe52021-12-21 11:32:07.694root 11241100x8000000000000000538753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b758225e262ef23a2021-12-21 11:32:07.694root 11241100x8000000000000000538754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d617b0779090ce72021-12-21 11:32:07.694root 11241100x8000000000000000538755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2527e3203d8a26de2021-12-21 11:32:07.694root 11241100x8000000000000000538756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198898598e7483b82021-12-21 11:32:07.694root 11241100x8000000000000000538757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa9817758b40ac72021-12-21 11:32:07.694root 11241100x8000000000000000538758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4752c6a155f2f1d2021-12-21 11:32:07.695root 11241100x8000000000000000538759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d50f6143457a112021-12-21 11:32:07.695root 11241100x8000000000000000538760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055361581793f3a12021-12-21 11:32:07.695root 11241100x8000000000000000538761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28904b6cc8eb9dce2021-12-21 11:32:07.695root 11241100x8000000000000000538762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40c8c8f1de7f0042021-12-21 11:32:07.695root 11241100x8000000000000000538763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95087234c23bbd7e2021-12-21 11:32:07.695root 11241100x8000000000000000538764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76dfb85741f755d2021-12-21 11:32:08.193root 11241100x8000000000000000538765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca02de09e703542021-12-21 11:32:08.193root 11241100x8000000000000000538766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4233bd181f3092021-12-21 11:32:08.193root 11241100x8000000000000000538767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b2706c013b2982021-12-21 11:32:08.193root 11241100x8000000000000000538768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271033cf2e369b662021-12-21 11:32:08.193root 11241100x8000000000000000538769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be31fa133724e8402021-12-21 11:32:08.193root 11241100x8000000000000000538770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86872491b3bc05ec2021-12-21 11:32:08.193root 11241100x8000000000000000538771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a059f4c462ad04a72021-12-21 11:32:08.193root 11241100x8000000000000000538772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6d51412833cb3f2021-12-21 11:32:08.193root 11241100x8000000000000000538773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c61c0cf00c994bd2021-12-21 11:32:08.194root 11241100x8000000000000000538774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608a69ae9b586b592021-12-21 11:32:08.194root 11241100x8000000000000000538775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ebf6371b5f709e2021-12-21 11:32:08.194root 11241100x8000000000000000538776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25283b77e17952042021-12-21 11:32:08.194root 11241100x8000000000000000538777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b6ba114e0303e72021-12-21 11:32:08.194root 11241100x8000000000000000538778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba985cb1a976f66f2021-12-21 11:32:08.194root 11241100x8000000000000000538779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3b576f1e40962a2021-12-21 11:32:08.194root 11241100x8000000000000000538780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317143bf3bcbf1042021-12-21 11:32:08.194root 11241100x8000000000000000538781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f4d6d571d3979f2021-12-21 11:32:08.194root 11241100x8000000000000000538782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d40ffda6fdfc1022021-12-21 11:32:08.194root 11241100x8000000000000000538783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5aac42e9067f732021-12-21 11:32:08.194root 11241100x8000000000000000538784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3fc56a4d6886502021-12-21 11:32:08.194root 11241100x8000000000000000538785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b387b3dc9dc17ff32021-12-21 11:32:08.194root 11241100x8000000000000000538786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146537a9daa286e52021-12-21 11:32:08.194root 11241100x8000000000000000538787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21199973d6ebd5152021-12-21 11:32:08.195root 11241100x8000000000000000538788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d60f8f2bff68cd2021-12-21 11:32:08.195root 11241100x8000000000000000538789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee85081ec248138e2021-12-21 11:32:08.195root 11241100x8000000000000000538790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8913d1372510dd282021-12-21 11:32:08.693root 11241100x8000000000000000538791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a863892ee5ed4452021-12-21 11:32:08.693root 11241100x8000000000000000538792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b117c5651952f44c2021-12-21 11:32:08.694root 11241100x8000000000000000538793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e954489627e26c2c2021-12-21 11:32:08.694root 11241100x8000000000000000538794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1305def71a1d0d2021-12-21 11:32:08.694root 11241100x8000000000000000538795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822366e9e9cdd6c22021-12-21 11:32:08.694root 11241100x8000000000000000538796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56154014f842ebd72021-12-21 11:32:08.694root 11241100x8000000000000000538797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a83f46ddb38af072021-12-21 11:32:08.694root 11241100x8000000000000000538798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c524143a00782c62021-12-21 11:32:08.694root 11241100x8000000000000000538799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a545334b439a0b2021-12-21 11:32:08.694root 11241100x8000000000000000538800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4914ecaa65a1742021-12-21 11:32:08.694root 11241100x8000000000000000538801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33ca760012745702021-12-21 11:32:08.694root 11241100x8000000000000000538802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b345de39c9c8e5cd2021-12-21 11:32:08.694root 11241100x8000000000000000538803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db6f90ceff69e562021-12-21 11:32:08.694root 11241100x8000000000000000538804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785235ea819007932021-12-21 11:32:08.694root 11241100x8000000000000000538805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ea8c974af63be2021-12-21 11:32:08.694root 11241100x8000000000000000538806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a742717e7bf09a322021-12-21 11:32:08.694root 11241100x8000000000000000538807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c826c5ad1e546d2d2021-12-21 11:32:08.695root 11241100x8000000000000000538808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b61ea8712dbb412021-12-21 11:32:08.695root 11241100x8000000000000000538809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cb94b9213b21122021-12-21 11:32:08.695root 11241100x8000000000000000538810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4871d64ee683c5912021-12-21 11:32:08.695root 11241100x8000000000000000538811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ca927d0ef62ba32021-12-21 11:32:08.695root 11241100x8000000000000000538812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c35f341577846be2021-12-21 11:32:08.695root 11241100x8000000000000000538813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b568cbef08f9492021-12-21 11:32:08.695root 11241100x8000000000000000538814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159c1dd380772dfe2021-12-21 11:32:08.695root 11241100x8000000000000000538815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b3c14f2d8470bd2021-12-21 11:32:08.695root 11241100x8000000000000000538816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fe2df7e019b55e2021-12-21 11:32:09.193root 11241100x8000000000000000538817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7705db7afaffe9d22021-12-21 11:32:09.193root 11241100x8000000000000000538818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e27a4a115998ebc2021-12-21 11:32:09.193root 11241100x8000000000000000538819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b132bf6f818aa7d2021-12-21 11:32:09.193root 11241100x8000000000000000538820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7d0329ec4cf15e2021-12-21 11:32:09.193root 11241100x8000000000000000538821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ccb381bfef4c752021-12-21 11:32:09.193root 11241100x8000000000000000538822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9ae5eba21d0ed02021-12-21 11:32:09.193root 11241100x8000000000000000538823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a91f0af9fc900002021-12-21 11:32:09.193root 11241100x8000000000000000538824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd055b72656ec642021-12-21 11:32:09.193root 11241100x8000000000000000538825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69329a506fadc2602021-12-21 11:32:09.193root 11241100x8000000000000000538826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68075b1d295608e72021-12-21 11:32:09.193root 11241100x8000000000000000538827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24d8c1f1fcf21a22021-12-21 11:32:09.194root 11241100x8000000000000000538828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f7db5acd62bcca2021-12-21 11:32:09.194root 11241100x8000000000000000538829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6498de5420c576f02021-12-21 11:32:09.194root 11241100x8000000000000000538830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659508379330e12c2021-12-21 11:32:09.194root 11241100x8000000000000000538831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474ebf4790332dd82021-12-21 11:32:09.194root 11241100x8000000000000000538832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026e02421f7795c42021-12-21 11:32:09.194root 11241100x8000000000000000538833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f9e00afade8af2021-12-21 11:32:09.194root 11241100x8000000000000000538834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6003855c4ffe25422021-12-21 11:32:09.194root 11241100x8000000000000000538835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e877c66d556a5fbd2021-12-21 11:32:09.194root 11241100x8000000000000000538836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed247375ec6a59ed2021-12-21 11:32:09.194root 11241100x8000000000000000538837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95be44ecb20f4502021-12-21 11:32:09.194root 11241100x8000000000000000538838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3001d55322c0021c2021-12-21 11:32:09.194root 11241100x8000000000000000538839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f232512893ff76b2021-12-21 11:32:09.194root 11241100x8000000000000000538840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cef2757faada992021-12-21 11:32:09.194root 11241100x8000000000000000538841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eb83073eefb3352021-12-21 11:32:09.194root 11241100x8000000000000000538842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50e4b4765af3d252021-12-21 11:32:09.194root 23542300x8000000000000000538843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000538844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9ea50d620c86d2021-12-21 11:32:09.693root 11241100x8000000000000000538845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e629e33a5c96fa6c2021-12-21 11:32:09.693root 11241100x8000000000000000538846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da79ecd322d3fdfe2021-12-21 11:32:09.693root 11241100x8000000000000000538847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afa08518e59281a2021-12-21 11:32:09.693root 11241100x8000000000000000538848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ff63917c1410e72021-12-21 11:32:09.694root 11241100x8000000000000000538849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a785dcea43b4951a2021-12-21 11:32:09.694root 11241100x8000000000000000538850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ee51c7700759c72021-12-21 11:32:09.694root 11241100x8000000000000000538851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9433a5358775a7c2021-12-21 11:32:09.694root 11241100x8000000000000000538852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f2cf44601eb732021-12-21 11:32:09.694root 11241100x8000000000000000538853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08489ccd3c0cdd02021-12-21 11:32:09.694root 11241100x8000000000000000538854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8842c8c43054fde2021-12-21 11:32:09.694root 11241100x8000000000000000538855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ed53b20bce65492021-12-21 11:32:09.694root 11241100x8000000000000000538856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7309fa848fb2352021-12-21 11:32:09.694root 11241100x8000000000000000538857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431b974cfebdbac72021-12-21 11:32:09.694root 11241100x8000000000000000538858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d327d86473e0158c2021-12-21 11:32:09.694root 11241100x8000000000000000538859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58ba253a8c7a7132021-12-21 11:32:09.694root 11241100x8000000000000000538860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b246d534c31c3d2021-12-21 11:32:09.694root 11241100x8000000000000000538861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f157806f1aecfa12021-12-21 11:32:09.695root 11241100x8000000000000000538862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aae2c76226bcedd2021-12-21 11:32:09.695root 11241100x8000000000000000538863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d3512d625598922021-12-21 11:32:09.695root 11241100x8000000000000000538864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c027e6a6380adb772021-12-21 11:32:09.695root 11241100x8000000000000000538865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa14edb5d2a9a12021-12-21 11:32:09.695root 11241100x8000000000000000538866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd5036276c4d7d2021-12-21 11:32:09.695root 11241100x8000000000000000538867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e7947df6c40c92021-12-21 11:32:09.695root 11241100x8000000000000000538868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fe40710a35b8912021-12-21 11:32:09.695root 11241100x8000000000000000538869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eca7d4fca12e7e2021-12-21 11:32:09.695root 11241100x8000000000000000538870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e795fe2d881d522021-12-21 11:32:09.695root 354300x8000000000000000538871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.184{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48678-false10.0.1.12-8000- 11241100x8000000000000000538872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fec0ef92315aac2021-12-21 11:32:10.185root 11241100x8000000000000000538873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3ce3381f7dbea62021-12-21 11:32:10.185root 11241100x8000000000000000538874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784b4bbeff11e7a2021-12-21 11:32:10.185root 11241100x8000000000000000538875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a8fd377c42d50a2021-12-21 11:32:10.185root 11241100x8000000000000000538876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89696cddafe7f4742021-12-21 11:32:10.185root 11241100x8000000000000000538877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b284c6976332a112021-12-21 11:32:10.185root 11241100x8000000000000000538878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e0155662849a502021-12-21 11:32:10.186root 11241100x8000000000000000538879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89fbec784bfe3682021-12-21 11:32:10.186root 11241100x8000000000000000538880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9dd1b057e7ebb32021-12-21 11:32:10.186root 11241100x8000000000000000538881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6472f076e8e516772021-12-21 11:32:10.186root 11241100x8000000000000000538882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5938691d4c0a0e2021-12-21 11:32:10.186root 11241100x8000000000000000538883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d09591aa3747c62021-12-21 11:32:10.186root 11241100x8000000000000000538884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c174026e55da42a2021-12-21 11:32:10.186root 11241100x8000000000000000538885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b02331ae62f7062021-12-21 11:32:10.186root 11241100x8000000000000000538886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895eb0613132571b2021-12-21 11:32:10.186root 11241100x8000000000000000538887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b4061d2e4892f52021-12-21 11:32:10.186root 11241100x8000000000000000538888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f02bfc5c9a51b02021-12-21 11:32:10.186root 11241100x8000000000000000538889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2680feba3f0835762021-12-21 11:32:10.186root 11241100x8000000000000000538890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae8322a785ee9a92021-12-21 11:32:10.186root 11241100x8000000000000000538891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3e2ec555b5f1752021-12-21 11:32:10.186root 11241100x8000000000000000538892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318c06d499b7bfd62021-12-21 11:32:10.186root 11241100x8000000000000000538893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b9ce29766842f72021-12-21 11:32:10.186root 11241100x8000000000000000538894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b8f06a9168548d2021-12-21 11:32:10.186root 11241100x8000000000000000538895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add9ac05979ee722021-12-21 11:32:10.187root 11241100x8000000000000000538896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8197efeb523ec22021-12-21 11:32:10.187root 11241100x8000000000000000538897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a69d6a03d3811292021-12-21 11:32:10.187root 11241100x8000000000000000538898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4325b8167c0294572021-12-21 11:32:10.187root 11241100x8000000000000000538899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bf0b7308e805472021-12-21 11:32:10.187root 11241100x8000000000000000538900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc35c90aa11db7252021-12-21 11:32:10.443root 11241100x8000000000000000538901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511b67280ba9f312021-12-21 11:32:10.443root 11241100x8000000000000000538902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8088aac2026e0e6e2021-12-21 11:32:10.443root 11241100x8000000000000000538903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afab570c94b26d02021-12-21 11:32:10.443root 11241100x8000000000000000538904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54404e9a2b4faf782021-12-21 11:32:10.443root 11241100x8000000000000000538905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b103439b9d54072021-12-21 11:32:10.443root 11241100x8000000000000000538906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76c04a022dba7dd2021-12-21 11:32:10.443root 11241100x8000000000000000538907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4e3321a9bb66722021-12-21 11:32:10.443root 11241100x8000000000000000538908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee915bfb366030872021-12-21 11:32:10.443root 11241100x8000000000000000538909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32685f5f7d55acc2021-12-21 11:32:10.443root 11241100x8000000000000000538910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8f3823a75e1ea62021-12-21 11:32:10.443root 11241100x8000000000000000538911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b256f2e1a9c35bfb2021-12-21 11:32:10.443root 11241100x8000000000000000538912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aab825533fd2f92021-12-21 11:32:10.444root 11241100x8000000000000000538913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68878cc3490e3272021-12-21 11:32:10.444root 11241100x8000000000000000538914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6903de1ddf19552a2021-12-21 11:32:10.444root 11241100x8000000000000000538915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe02d28b655b64dd2021-12-21 11:32:10.444root 11241100x8000000000000000538916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7b20b29e2a34aa2021-12-21 11:32:10.444root 11241100x8000000000000000538917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2f80a794f2112f2021-12-21 11:32:10.444root 11241100x8000000000000000538918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeab08c27ad7b93c2021-12-21 11:32:10.444root 11241100x8000000000000000538919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5f9eb9d746ca6e2021-12-21 11:32:10.444root 11241100x8000000000000000538920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78515b79b1c39dfe2021-12-21 11:32:10.444root 11241100x8000000000000000538921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e537e6641b86c95f2021-12-21 11:32:10.444root 11241100x8000000000000000538922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cc4269bc5a2ee12021-12-21 11:32:10.444root 11241100x8000000000000000538923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614c4ad4acdb157c2021-12-21 11:32:10.444root 11241100x8000000000000000538924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d0a20c770a3fc2021-12-21 11:32:10.444root 11241100x8000000000000000538925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b60a6e0f39b5df12021-12-21 11:32:10.444root 11241100x8000000000000000538926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd950eed59a387e42021-12-21 11:32:10.445root 11241100x8000000000000000538927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d0458b03af58f32021-12-21 11:32:10.445root 11241100x8000000000000000538928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc796cadc918b3ed2021-12-21 11:32:10.445root 11241100x8000000000000000538929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedc10ae9f1dd9ea2021-12-21 11:32:10.943root 11241100x8000000000000000538930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df08e96dca2053522021-12-21 11:32:10.943root 11241100x8000000000000000538931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9b942cc3182e4a2021-12-21 11:32:10.943root 11241100x8000000000000000538932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d931b66411ab022021-12-21 11:32:10.943root 11241100x8000000000000000538933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7fac668533a3902021-12-21 11:32:10.943root 11241100x8000000000000000538934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d24a6f4e3094dab2021-12-21 11:32:10.943root 11241100x8000000000000000538935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f190a6614f4762021-12-21 11:32:10.943root 11241100x8000000000000000538936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e22f8bb47a9c0602021-12-21 11:32:10.943root 11241100x8000000000000000538937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5e331465bab5922021-12-21 11:32:10.943root 11241100x8000000000000000538938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43044b43281daf02021-12-21 11:32:10.943root 11241100x8000000000000000538939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da92f7630ed84ea72021-12-21 11:32:10.944root 11241100x8000000000000000538940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa2bce5dd66ea092021-12-21 11:32:10.944root 11241100x8000000000000000538941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd4f1086ffe26e22021-12-21 11:32:10.944root 11241100x8000000000000000538942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd8a76c90b0a56e2021-12-21 11:32:10.944root 11241100x8000000000000000538943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8ffafa9928802c2021-12-21 11:32:10.944root 11241100x8000000000000000538944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe442abbaa8a79882021-12-21 11:32:10.944root 11241100x8000000000000000538945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3a4b4f8368a6222021-12-21 11:32:10.944root 11241100x8000000000000000538946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839d6bf59c9cf06e2021-12-21 11:32:10.944root 11241100x8000000000000000538947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258164b59711c62d2021-12-21 11:32:10.944root 11241100x8000000000000000538948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0554c48dc2ae54522021-12-21 11:32:10.944root 11241100x8000000000000000538949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76d7228ea00f73b2021-12-21 11:32:10.944root 11241100x8000000000000000538950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8068e4784d8d4d002021-12-21 11:32:10.944root 11241100x8000000000000000538951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9ae8e5c1d0da1b2021-12-21 11:32:10.944root 11241100x8000000000000000538952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97649a46ab588d92021-12-21 11:32:10.944root 11241100x8000000000000000538953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dca63168bac7bc62021-12-21 11:32:10.945root 11241100x8000000000000000538954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c82dc5044a07812021-12-21 11:32:10.945root 11241100x8000000000000000538955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de3041aae5dc9fc2021-12-21 11:32:10.945root 11241100x8000000000000000538956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea00c4d04297c8212021-12-21 11:32:10.945root 11241100x8000000000000000538957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad1ee3a88a9d422021-12-21 11:32:10.945root 534500x8000000000000000538958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.096{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x8000000000000000538959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6c36006f02eac2021-12-21 11:32:11.443root 11241100x8000000000000000538960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acff6a2152c540e2021-12-21 11:32:11.443root 11241100x8000000000000000538961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c947b7692119332021-12-21 11:32:11.443root 11241100x8000000000000000538962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a6e82b349d88242021-12-21 11:32:11.443root 11241100x8000000000000000538963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b04ed094cdfc9a2021-12-21 11:32:11.444root 11241100x8000000000000000538964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed42517cfa25d9022021-12-21 11:32:11.444root 11241100x8000000000000000538965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65d1abb0b1419932021-12-21 11:32:11.444root 11241100x8000000000000000538966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac2628a850dbe242021-12-21 11:32:11.444root 11241100x8000000000000000538967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b550b2766526c2cd2021-12-21 11:32:11.444root 11241100x8000000000000000538968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5bb4dfcf70bdfd2021-12-21 11:32:11.444root 11241100x8000000000000000538969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49cbf2f1730b10d2021-12-21 11:32:11.444root 11241100x8000000000000000538970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e602dd1e006f1602021-12-21 11:32:11.444root 11241100x8000000000000000538971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5320ac14f67fa72021-12-21 11:32:11.444root 11241100x8000000000000000538972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cbea4eaf1c49dc2021-12-21 11:32:11.444root 11241100x8000000000000000538973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4046d474fa5f772021-12-21 11:32:11.444root 11241100x8000000000000000538974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6679137b6667f12021-12-21 11:32:11.444root 11241100x8000000000000000538975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81cfea23d3578af2021-12-21 11:32:11.444root 11241100x8000000000000000538976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02765d074659c6b2021-12-21 11:32:11.444root 11241100x8000000000000000538977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02178cf52e0734392021-12-21 11:32:11.444root 11241100x8000000000000000538978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754b3b52fc65a56e2021-12-21 11:32:11.445root 11241100x8000000000000000538979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f704a58030ac6df2021-12-21 11:32:11.445root 11241100x8000000000000000538980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd0736a8b411c592021-12-21 11:32:11.445root 11241100x8000000000000000538981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e553e82b0f9391c2021-12-21 11:32:11.445root 11241100x8000000000000000538982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32bc6b8f9f946932021-12-21 11:32:11.445root 11241100x8000000000000000538983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073f92f351d505312021-12-21 11:32:11.445root 11241100x8000000000000000538984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2045ef693c791fd42021-12-21 11:32:11.445root 11241100x8000000000000000538985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5834f91ac8da3842021-12-21 11:32:11.445root 11241100x8000000000000000538986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4440d949bcab2902021-12-21 11:32:11.445root 11241100x8000000000000000538987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aae9ac36fc6efd82021-12-21 11:32:11.445root 11241100x8000000000000000538988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22b69e1b572a5d22021-12-21 11:32:11.943root 11241100x8000000000000000538989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2f160e6e102aea2021-12-21 11:32:11.943root 11241100x8000000000000000538990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2da248383822b92021-12-21 11:32:11.943root 11241100x8000000000000000538991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddad81b2913922d2021-12-21 11:32:11.943root 11241100x8000000000000000538992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4d65d46f6521512021-12-21 11:32:11.943root 11241100x8000000000000000538993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7c3b2d86b3ceed2021-12-21 11:32:11.943root 11241100x8000000000000000538994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33242cbf3c47c7a2021-12-21 11:32:11.943root 11241100x8000000000000000538995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976bf83aed0ff6df2021-12-21 11:32:11.943root 11241100x8000000000000000538996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6260ca40c7f0e8a42021-12-21 11:32:11.944root 11241100x8000000000000000538997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a982a1346e22ae02021-12-21 11:32:11.944root 11241100x8000000000000000538998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30ca14b64f2c1012021-12-21 11:32:11.944root 11241100x8000000000000000538999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97da3d19f8e9c6de2021-12-21 11:32:11.944root 11241100x8000000000000000539000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992b5f67e905501d2021-12-21 11:32:11.944root 11241100x8000000000000000539001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b46b1afcdf89442021-12-21 11:32:11.944root 11241100x8000000000000000539002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441a609de194fbd82021-12-21 11:32:11.944root 11241100x8000000000000000539003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf260668ec6518eb2021-12-21 11:32:11.944root 11241100x8000000000000000539004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b107cf20beb4fc562021-12-21 11:32:11.944root 11241100x8000000000000000539005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bba2136f1272382021-12-21 11:32:11.944root 11241100x8000000000000000539006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e8e94603d9bc5a2021-12-21 11:32:11.944root 11241100x8000000000000000539007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff612ff428ef5edc2021-12-21 11:32:11.944root 11241100x8000000000000000539008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f402bf0b2c4e7a2021-12-21 11:32:11.945root 11241100x8000000000000000539009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c801b22ba225dbb72021-12-21 11:32:11.945root 11241100x8000000000000000539010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c0b0136d5a54932021-12-21 11:32:11.945root 11241100x8000000000000000539011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c8508e5184ab8b2021-12-21 11:32:11.945root 11241100x8000000000000000539012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b764853595a8ef2021-12-21 11:32:11.945root 11241100x8000000000000000539013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecce9e9f317e2d9c2021-12-21 11:32:11.945root 11241100x8000000000000000539014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba157486dd923482021-12-21 11:32:11.945root 11241100x8000000000000000539015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f19945a21e467652021-12-21 11:32:11.945root 11241100x8000000000000000539016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34f99e8124599ba2021-12-21 11:32:11.945root 11241100x8000000000000000539017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3069ca065894b88e2021-12-21 11:32:11.945root 11241100x8000000000000000539018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d87a9e7a7d56b872021-12-21 11:32:11.945root 11241100x8000000000000000539019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e1b16bbdac695b2021-12-21 11:32:11.945root 11241100x8000000000000000539020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc3f988e4da04ac2021-12-21 11:32:12.442root 11241100x8000000000000000539021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6451719e55382dab2021-12-21 11:32:12.443root 11241100x8000000000000000539022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803d0a69838f7fe52021-12-21 11:32:12.443root 11241100x8000000000000000539023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8c697f60b2df252021-12-21 11:32:12.443root 11241100x8000000000000000539024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02d6911fa0a86552021-12-21 11:32:12.443root 11241100x8000000000000000539025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a756278dcd5f98b2021-12-21 11:32:12.443root 11241100x8000000000000000539026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a57022ad53d8aeb2021-12-21 11:32:12.443root 11241100x8000000000000000539027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f2caac73bcf1142021-12-21 11:32:12.443root 11241100x8000000000000000539028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975aa83a9b7f947c2021-12-21 11:32:12.443root 11241100x8000000000000000539029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2860d58e0b3a51012021-12-21 11:32:12.444root 11241100x8000000000000000539030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa684e860c7b546f2021-12-21 11:32:12.444root 11241100x8000000000000000539031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ee3bfaabd707282021-12-21 11:32:12.444root 11241100x8000000000000000539032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7385803ae90c0d6c2021-12-21 11:32:12.444root 11241100x8000000000000000539033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460b4550033bda602021-12-21 11:32:12.444root 11241100x8000000000000000539034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07e8dba4b1594982021-12-21 11:32:12.444root 11241100x8000000000000000539035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e608b7d4cbc95f72021-12-21 11:32:12.444root 11241100x8000000000000000539036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94198b489eb5f102021-12-21 11:32:12.444root 11241100x8000000000000000539037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aca1e309bf12b42021-12-21 11:32:12.444root 11241100x8000000000000000539038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ee21070dfd03442021-12-21 11:32:12.444root 11241100x8000000000000000539039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8409471f5f4e1662021-12-21 11:32:12.444root 11241100x8000000000000000539040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5d64c1e2af68542021-12-21 11:32:12.445root 11241100x8000000000000000539041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b895dee0335c652021-12-21 11:32:12.445root 11241100x8000000000000000539042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7744fd705512fc2021-12-21 11:32:12.445root 11241100x8000000000000000539043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6a1ef61cb6e16e2021-12-21 11:32:12.445root 11241100x8000000000000000539044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80891d7308b2befc2021-12-21 11:32:12.445root 11241100x8000000000000000539045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5e4dd85de851af2021-12-21 11:32:12.445root 11241100x8000000000000000539046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6719a7f547c5e88a2021-12-21 11:32:12.445root 11241100x8000000000000000539047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f7a938558520802021-12-21 11:32:12.445root 11241100x8000000000000000539048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f5d6f72dbf6ce72021-12-21 11:32:12.445root 11241100x8000000000000000539049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d8df15458799a32021-12-21 11:32:12.445root 11241100x8000000000000000539050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d5c1b713f353a92021-12-21 11:32:12.445root 11241100x8000000000000000539051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7b99e19ea52ebc2021-12-21 11:32:12.445root 11241100x8000000000000000539052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1756e216a5e463842021-12-21 11:32:12.446root 11241100x8000000000000000539053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c164d199760a38aa2021-12-21 11:32:12.446root 11241100x8000000000000000539054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a57f7864e019622021-12-21 11:32:12.943root 11241100x8000000000000000539055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c702cb2b6eddd2021-12-21 11:32:12.943root 11241100x8000000000000000539056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f1a7fd713654da2021-12-21 11:32:12.943root 11241100x8000000000000000539057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7827cba1de35a12021-12-21 11:32:12.943root 11241100x8000000000000000539058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ebe511403feea32021-12-21 11:32:12.943root 11241100x8000000000000000539059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568d9d1fe6b8ed432021-12-21 11:32:12.943root 11241100x8000000000000000539060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cb66b7ddc2a18f2021-12-21 11:32:12.943root 11241100x8000000000000000539061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcf94ab9552182a2021-12-21 11:32:12.944root 11241100x8000000000000000539062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8712845e064aafca2021-12-21 11:32:12.944root 11241100x8000000000000000539063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9367729e69faca2021-12-21 11:32:12.944root 11241100x8000000000000000539064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ba34355c2972b2021-12-21 11:32:12.944root 11241100x8000000000000000539065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de68cb88f3ffe3622021-12-21 11:32:12.944root 11241100x8000000000000000539066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d080f5938688712021-12-21 11:32:12.944root 11241100x8000000000000000539067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86d9f9f6232d5db2021-12-21 11:32:12.944root 11241100x8000000000000000539068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0b03ee39185a692021-12-21 11:32:12.944root 11241100x8000000000000000539069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b22c9560c2c2cf42021-12-21 11:32:12.944root 11241100x8000000000000000539070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5404fb5e3d618fd2021-12-21 11:32:12.944root 11241100x8000000000000000539071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03beb38e8ccef6ba2021-12-21 11:32:12.945root 11241100x8000000000000000539072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c355a0ea0bc082021-12-21 11:32:12.945root 11241100x8000000000000000539073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e15d7df045179c2021-12-21 11:32:12.945root 11241100x8000000000000000539074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6001ef9c5de73872021-12-21 11:32:12.945root 11241100x8000000000000000539075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9ea2aea315c1202021-12-21 11:32:12.945root 11241100x8000000000000000539076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03a26937813fb542021-12-21 11:32:12.945root 11241100x8000000000000000539077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ec8ccb0189e4912021-12-21 11:32:12.945root 11241100x8000000000000000539078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467b2ed34d9992fb2021-12-21 11:32:12.945root 11241100x8000000000000000539079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d5134497f832332021-12-21 11:32:12.945root 11241100x8000000000000000539080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40527dc088164c712021-12-21 11:32:12.945root 11241100x8000000000000000539081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6effcfcdba6558f22021-12-21 11:32:12.946root 11241100x8000000000000000539082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a893e87ea3b55f952021-12-21 11:32:12.946root 11241100x8000000000000000539083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d794b9c9d15d2762021-12-21 11:32:12.946root 11241100x8000000000000000539084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a576c30a2978fd82021-12-21 11:32:12.946root 11241100x8000000000000000539085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04cf2a543be5ea12021-12-21 11:32:12.946root 11241100x8000000000000000539086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5f299321766ad22021-12-21 11:32:12.946root 11241100x8000000000000000539087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99c0efce71facc92021-12-21 11:32:12.946root 11241100x8000000000000000539088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581397cf24967d72021-12-21 11:32:12.946root 11241100x8000000000000000539089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dd8968154fbe152021-12-21 11:32:12.946root 11241100x8000000000000000539090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d44d304f1cd20162021-12-21 11:32:12.946root 11241100x8000000000000000539091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e47d95a76b4bce2021-12-21 11:32:12.946root 11241100x8000000000000000539092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5820434080983d2021-12-21 11:32:13.443root 11241100x8000000000000000539093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55eca1da2ccb7fc2021-12-21 11:32:13.443root 11241100x8000000000000000539094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e267bc4f93070b2021-12-21 11:32:13.443root 11241100x8000000000000000539095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cef292119b2f8a82021-12-21 11:32:13.443root 11241100x8000000000000000539096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7d49991b47147d2021-12-21 11:32:13.444root 11241100x8000000000000000539097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cffb095b83c3082021-12-21 11:32:13.444root 11241100x8000000000000000539098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3333492281daf40f2021-12-21 11:32:13.444root 11241100x8000000000000000539099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383442042c1c0a5b2021-12-21 11:32:13.444root 11241100x8000000000000000539100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea83eba029d7c2d2021-12-21 11:32:13.444root 11241100x8000000000000000539101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46375687340eee8f2021-12-21 11:32:13.444root 11241100x8000000000000000539102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981ae885e77289632021-12-21 11:32:13.444root 11241100x8000000000000000539103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15be15ed5b3c93012021-12-21 11:32:13.444root 11241100x8000000000000000539104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3063c6695b2c3d32021-12-21 11:32:13.444root 11241100x8000000000000000539105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f795f24f1471ee2021-12-21 11:32:13.444root 11241100x8000000000000000539106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26522a9247f4f7eb2021-12-21 11:32:13.444root 11241100x8000000000000000539107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51eab031f053fe82021-12-21 11:32:13.445root 11241100x8000000000000000539108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e577e8b10eeffc82021-12-21 11:32:13.445root 11241100x8000000000000000539109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c428313bed6d9a62021-12-21 11:32:13.445root 11241100x8000000000000000539110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8482a053ab21acc92021-12-21 11:32:13.445root 11241100x8000000000000000539111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a9fb588b6e32f42021-12-21 11:32:13.445root 11241100x8000000000000000539112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a87ed516fabfdb2021-12-21 11:32:13.445root 11241100x8000000000000000539113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d021b0063631d6112021-12-21 11:32:13.445root 11241100x8000000000000000539114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f1c362d901b97c2021-12-21 11:32:13.445root 11241100x8000000000000000539115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3432745b7bff60d2021-12-21 11:32:13.445root 11241100x8000000000000000539116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b66e211d958d72021-12-21 11:32:13.445root 11241100x8000000000000000539117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb78303ddd0ee8502021-12-21 11:32:13.446root 11241100x8000000000000000539118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6be12f316a1ef02021-12-21 11:32:13.446root 11241100x8000000000000000539119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01963865306648e52021-12-21 11:32:13.446root 11241100x8000000000000000539120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f76c87ae08c6722021-12-21 11:32:13.446root 11241100x8000000000000000539121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b63d6567842a1192021-12-21 11:32:13.943root 11241100x8000000000000000539122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752f2d8d587fa9392021-12-21 11:32:13.943root 11241100x8000000000000000539123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3894653e8eb21a62021-12-21 11:32:13.943root 11241100x8000000000000000539124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde8239d54c2cad22021-12-21 11:32:13.943root 11241100x8000000000000000539125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e33325c762b8e62021-12-21 11:32:13.943root 11241100x8000000000000000539126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158d51acca44d602021-12-21 11:32:13.943root 11241100x8000000000000000539127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6b6a4c7c2173ff2021-12-21 11:32:13.943root 11241100x8000000000000000539128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d72391b4bb4308a2021-12-21 11:32:13.944root 11241100x8000000000000000539129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81dbd63d2a4fe352021-12-21 11:32:13.944root 11241100x8000000000000000539130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b50bd70d93cb872021-12-21 11:32:13.944root 11241100x8000000000000000539131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eea368fac833bc2021-12-21 11:32:13.944root 11241100x8000000000000000539132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3292a0ef5c5987352021-12-21 11:32:13.944root 11241100x8000000000000000539133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081b78b8fc0e6b4d2021-12-21 11:32:13.944root 11241100x8000000000000000539134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec703ba7c997b4b2021-12-21 11:32:13.944root 11241100x8000000000000000539135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74cf7026c2d3b652021-12-21 11:32:13.944root 11241100x8000000000000000539136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8c30a41d1fe0772021-12-21 11:32:13.944root 11241100x8000000000000000539137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d48b2cd088c08c42021-12-21 11:32:13.944root 11241100x8000000000000000539138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811a6fbdd7bccc552021-12-21 11:32:13.944root 11241100x8000000000000000539139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446e23691a275d2b2021-12-21 11:32:13.944root 11241100x8000000000000000539140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f545345ef51b462021-12-21 11:32:13.944root 11241100x8000000000000000539141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7b119782a5e0532021-12-21 11:32:13.944root 11241100x8000000000000000539142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29061205199f10022021-12-21 11:32:13.944root 11241100x8000000000000000539143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35843835b12d55b52021-12-21 11:32:13.945root 11241100x8000000000000000539144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c892f5d6d2d7f8572021-12-21 11:32:13.945root 11241100x8000000000000000539145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34a7c942d6d26d12021-12-21 11:32:13.945root 11241100x8000000000000000539146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5854d65d92859d52021-12-21 11:32:13.945root 11241100x8000000000000000539147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83ec4938b9cc9272021-12-21 11:32:13.945root 11241100x8000000000000000539148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012b27eadde310632021-12-21 11:32:13.945root 11241100x8000000000000000539149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163dec123afaa36f2021-12-21 11:32:13.945root 11241100x8000000000000000539150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b94efa70bd1be472021-12-21 11:32:14.443root 11241100x8000000000000000539151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff919291d2d15a62021-12-21 11:32:14.443root 11241100x8000000000000000539152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecf3d631d5b65312021-12-21 11:32:14.444root 11241100x8000000000000000539153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39269b9ec0476a892021-12-21 11:32:14.444root 11241100x8000000000000000539154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd64311815ab2032021-12-21 11:32:14.444root 11241100x8000000000000000539155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ee706b24491ca92021-12-21 11:32:14.444root 11241100x8000000000000000539156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569cb1749b72423d2021-12-21 11:32:14.444root 11241100x8000000000000000539157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b27318e20dd7fce2021-12-21 11:32:14.444root 11241100x8000000000000000539158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd4d6803dd90a672021-12-21 11:32:14.444root 11241100x8000000000000000539159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c98a08c3b09e122021-12-21 11:32:14.444root 11241100x8000000000000000539160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b06de3e298998a2021-12-21 11:32:14.444root 11241100x8000000000000000539161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ba574317fe5f3d2021-12-21 11:32:14.444root 11241100x8000000000000000539162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0464ca4ba562f002021-12-21 11:32:14.444root 11241100x8000000000000000539163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfc8d703f1581462021-12-21 11:32:14.444root 11241100x8000000000000000539164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e948ec119ed382021-12-21 11:32:14.444root 11241100x8000000000000000539165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c316f702f8db9dd2021-12-21 11:32:14.445root 11241100x8000000000000000539166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a9bbe13b867e142021-12-21 11:32:14.445root 11241100x8000000000000000539167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf156d6cf108189d2021-12-21 11:32:14.445root 11241100x8000000000000000539168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b759a0f5278bd702021-12-21 11:32:14.445root 11241100x8000000000000000539169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5490366196a4ece12021-12-21 11:32:14.445root 11241100x8000000000000000539170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef877a41cf6bb682021-12-21 11:32:14.445root 11241100x8000000000000000539171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3cdd4b30f633292021-12-21 11:32:14.445root 11241100x8000000000000000539172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671c55bcbf44fd572021-12-21 11:32:14.445root 11241100x8000000000000000539173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730a83c5897fb8d92021-12-21 11:32:14.445root 11241100x8000000000000000539174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf028cfcc00c4db72021-12-21 11:32:14.445root 11241100x8000000000000000539175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5202b3fc9916462021-12-21 11:32:14.445root 11241100x8000000000000000539176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f45abe9a17fdf182021-12-21 11:32:14.445root 11241100x8000000000000000539177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9310b3ec134841ad2021-12-21 11:32:14.445root 11241100x8000000000000000539178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eafdebc3c4ec6872021-12-21 11:32:14.445root 11241100x8000000000000000539179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454f8d0ee176363f2021-12-21 11:32:14.943root 11241100x8000000000000000539180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96cd87ca98430bd2021-12-21 11:32:14.943root 11241100x8000000000000000539181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581e727ca7890df52021-12-21 11:32:14.943root 11241100x8000000000000000539182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26fd03e11cc2be12021-12-21 11:32:14.943root 11241100x8000000000000000539183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa76e9924e2fd8e2021-12-21 11:32:14.943root 11241100x8000000000000000539184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8d9c1a7ad78a962021-12-21 11:32:14.944root 11241100x8000000000000000539185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5d9095dd1f36312021-12-21 11:32:14.944root 11241100x8000000000000000539186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f06b7b6ca184ae2021-12-21 11:32:14.944root 11241100x8000000000000000539187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effcabd62bb188dd2021-12-21 11:32:14.944root 11241100x8000000000000000539188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1b051576d08c1c2021-12-21 11:32:14.944root 11241100x8000000000000000539189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0eebfc1fc8f1c2021-12-21 11:32:14.945root 11241100x8000000000000000539190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada1f224e8dbe43e2021-12-21 11:32:14.945root 11241100x8000000000000000539191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bcb3c854e85cc62021-12-21 11:32:14.945root 11241100x8000000000000000539192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1bc140d75583f82021-12-21 11:32:14.945root 11241100x8000000000000000539193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9bd67d8ea599222021-12-21 11:32:14.946root 11241100x8000000000000000539194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04146cefac61dfe62021-12-21 11:32:14.946root 11241100x8000000000000000539195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c24600590b9b572021-12-21 11:32:14.947root 11241100x8000000000000000539196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69859ae09cd5fde2021-12-21 11:32:14.947root 11241100x8000000000000000539197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62d342e200663fb2021-12-21 11:32:14.947root 11241100x8000000000000000539198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da04769fdeedbe02021-12-21 11:32:14.948root 11241100x8000000000000000539199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1915e0c3c68f97692021-12-21 11:32:14.948root 11241100x8000000000000000539200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ea3958582af832021-12-21 11:32:14.949root 11241100x8000000000000000539201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a364ae08e3500202021-12-21 11:32:14.949root 11241100x8000000000000000539202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a40f5f9a203d2e2021-12-21 11:32:14.950root 11241100x8000000000000000539203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ade3c3140316e232021-12-21 11:32:14.951root 11241100x8000000000000000539204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939cf89d89490cfa2021-12-21 11:32:14.951root 11241100x8000000000000000539205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fc526dacd570212021-12-21 11:32:14.951root 11241100x8000000000000000539206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4063725252f27d2021-12-21 11:32:14.951root 11241100x8000000000000000539207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae4033d598f426b2021-12-21 11:32:14.952root 11241100x8000000000000000539208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588d2bcc9a07788d2021-12-21 11:32:14.952root 11241100x8000000000000000539209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e75e32f87a3bc92021-12-21 11:32:14.952root 11241100x8000000000000000539210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94caf1384c1e02112021-12-21 11:32:14.952root 354300x8000000000000000539211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.233{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48680-false10.0.1.12-8000- 11241100x8000000000000000539212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc80076789dee142021-12-21 11:32:15.235root 11241100x8000000000000000539213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf567f89f6a99442021-12-21 11:32:15.235root 11241100x8000000000000000539214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a1387483a779dc2021-12-21 11:32:15.235root 11241100x8000000000000000539215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1502e554bfc701e2021-12-21 11:32:15.235root 11241100x8000000000000000539216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eede82b619548d172021-12-21 11:32:15.235root 11241100x8000000000000000539217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe02d851252e4f5a2021-12-21 11:32:15.235root 11241100x8000000000000000539218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7896ac16b228e72021-12-21 11:32:15.235root 11241100x8000000000000000539219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b419c2ae360bc22021-12-21 11:32:15.235root 11241100x8000000000000000539220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0190effbefe5fe982021-12-21 11:32:15.235root 11241100x8000000000000000539221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1503503a1ee49f32021-12-21 11:32:15.235root 11241100x8000000000000000539222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b69fa8e79e405982021-12-21 11:32:15.236root 11241100x8000000000000000539223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa345c81ae063e102021-12-21 11:32:15.236root 11241100x8000000000000000539224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce06a093cc74a692021-12-21 11:32:15.236root 11241100x8000000000000000539225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d14d9b537e9177a2021-12-21 11:32:15.236root 11241100x8000000000000000539226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0427471d6cf79982021-12-21 11:32:15.236root 11241100x8000000000000000539227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b797443ca364b92021-12-21 11:32:15.236root 11241100x8000000000000000539228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74626a76444975f42021-12-21 11:32:15.236root 11241100x8000000000000000539229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186ea554cf9527f42021-12-21 11:32:15.236root 11241100x8000000000000000539230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7460ddf79dd479912021-12-21 11:32:15.236root 11241100x8000000000000000539231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68643f6c79d7513a2021-12-21 11:32:15.236root 11241100x8000000000000000539232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9409fd7e8a598ccf2021-12-21 11:32:15.237root 11241100x8000000000000000539233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da460c92ace78e4e2021-12-21 11:32:15.237root 11241100x8000000000000000539234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b2f565146115f2021-12-21 11:32:15.237root 11241100x8000000000000000539235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa572fe053993d2a2021-12-21 11:32:15.237root 11241100x8000000000000000539236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efbf5ab6d455f8b2021-12-21 11:32:15.237root 11241100x8000000000000000539237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aed3571482b01d2021-12-21 11:32:15.237root 11241100x8000000000000000539238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e9bac81dbfeb162021-12-21 11:32:15.237root 11241100x8000000000000000539239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791d941d5603ec6f2021-12-21 11:32:15.237root 11241100x8000000000000000539240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839f4ed0425156302021-12-21 11:32:15.237root 11241100x8000000000000000539241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e056ca778e83602021-12-21 11:32:15.238root 11241100x8000000000000000539242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20daf881341783b2021-12-21 11:32:15.238root 11241100x8000000000000000539243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a741d3e3531ac12021-12-21 11:32:15.238root 11241100x8000000000000000539244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdf6a5e08bcd37e2021-12-21 11:32:15.238root 11241100x8000000000000000539245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a61496d0b1efba2021-12-21 11:32:15.238root 11241100x8000000000000000539246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614a76a20a93f5232021-12-21 11:32:15.238root 11241100x8000000000000000539247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364440bee76c51e32021-12-21 11:32:15.238root 11241100x8000000000000000539248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a5cc0ec83f8c882021-12-21 11:32:15.238root 11241100x8000000000000000539249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617edaeb1ea2c7812021-12-21 11:32:15.238root 11241100x8000000000000000539250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927080ec74cbfa392021-12-21 11:32:15.238root 11241100x8000000000000000539251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70180622fe1fb0152021-12-21 11:32:15.239root 11241100x8000000000000000539252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b6d8015c98aaa32021-12-21 11:32:15.239root 11241100x8000000000000000539253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22e7e8636b5c8542021-12-21 11:32:15.239root 11241100x8000000000000000539254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2266c184e2392b792021-12-21 11:32:15.239root 11241100x8000000000000000539255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c02dacd092923e72021-12-21 11:32:15.239root 11241100x8000000000000000539256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3318a78edd45bb652021-12-21 11:32:15.693root 11241100x8000000000000000539257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02777f86475b36d72021-12-21 11:32:15.693root 11241100x8000000000000000539258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d46df765286f7302021-12-21 11:32:15.693root 11241100x8000000000000000539259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137dd1fe2a288582021-12-21 11:32:15.693root 11241100x8000000000000000539260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c97255742d211e2021-12-21 11:32:15.693root 11241100x8000000000000000539261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc6692b69d4aaf2021-12-21 11:32:15.693root 11241100x8000000000000000539262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1876fe9df22870b12021-12-21 11:32:15.694root 11241100x8000000000000000539263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe76ea1997b7a6dc2021-12-21 11:32:15.694root 11241100x8000000000000000539264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff239ac0a14d56802021-12-21 11:32:15.694root 11241100x8000000000000000539265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16986fb501566ad62021-12-21 11:32:15.694root 11241100x8000000000000000539266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116b390b1c3ff3f42021-12-21 11:32:15.694root 11241100x8000000000000000539267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed8a37b8df6ec3c2021-12-21 11:32:15.694root 11241100x8000000000000000539268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062bf5cd62e7ee3f2021-12-21 11:32:15.694root 11241100x8000000000000000539269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608a12afae8a8cf72021-12-21 11:32:15.694root 11241100x8000000000000000539270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2168f1fb85a16a022021-12-21 11:32:15.694root 11241100x8000000000000000539271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afeacab90bd234722021-12-21 11:32:15.694root 11241100x8000000000000000539272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c07e4028cb068f2021-12-21 11:32:15.694root 11241100x8000000000000000539273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3b427bd94e83462021-12-21 11:32:15.694root 11241100x8000000000000000539274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a303dfe70e476bd2021-12-21 11:32:15.694root 11241100x8000000000000000539275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de85a9bdea1712e2021-12-21 11:32:15.694root 11241100x8000000000000000539276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8079dcc907de6bd2021-12-21 11:32:15.694root 11241100x8000000000000000539277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7639e8936a2d862021-12-21 11:32:15.695root 11241100x8000000000000000539278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371fba5adfa2cbc52021-12-21 11:32:15.695root 11241100x8000000000000000539279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd3d70321ed7e6e2021-12-21 11:32:15.695root 11241100x8000000000000000539280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bbf2dfff9569132021-12-21 11:32:15.695root 11241100x8000000000000000539281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc964cf59e272cd2021-12-21 11:32:15.695root 11241100x8000000000000000539282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d6ce809c17fd642021-12-21 11:32:15.695root 11241100x8000000000000000539283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4726ed444c1828a22021-12-21 11:32:15.695root 11241100x8000000000000000539284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdb794002f540eb2021-12-21 11:32:15.695root 11241100x8000000000000000539285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4311c02cccd009912021-12-21 11:32:15.695root 11241100x8000000000000000539286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391bde1cc260e53b2021-12-21 11:32:16.193root 11241100x8000000000000000539287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c98024fb7e19a32021-12-21 11:32:16.193root 11241100x8000000000000000539288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5747c536e11dbf412021-12-21 11:32:16.193root 11241100x8000000000000000539289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00dcd2882bd84902021-12-21 11:32:16.193root 11241100x8000000000000000539290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf526095c0c46b322021-12-21 11:32:16.194root 11241100x8000000000000000539291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6922ea20d5e6ab32021-12-21 11:32:16.194root 11241100x8000000000000000539292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10578756d10fbe32021-12-21 11:32:16.194root 11241100x8000000000000000539293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc8074e8334bd2f2021-12-21 11:32:16.194root 11241100x8000000000000000539294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dab895097fb69c2021-12-21 11:32:16.194root 11241100x8000000000000000539295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f937cf65641c832021-12-21 11:32:16.194root 11241100x8000000000000000539296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8409e66ecc630ea2021-12-21 11:32:16.194root 11241100x8000000000000000539297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9847ce9536f54a0d2021-12-21 11:32:16.194root 11241100x8000000000000000539298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ccfb0ce97fed4f2021-12-21 11:32:16.194root 11241100x8000000000000000539299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8282f27b3a10462021-12-21 11:32:16.194root 11241100x8000000000000000539300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2230c836552b73082021-12-21 11:32:16.194root 11241100x8000000000000000539301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e8262cd4fbfc202021-12-21 11:32:16.194root 11241100x8000000000000000539302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeefff4422f7b692021-12-21 11:32:16.194root 11241100x8000000000000000539303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaa937da6e04f0f2021-12-21 11:32:16.194root 11241100x8000000000000000539304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8593c9f08d06b152021-12-21 11:32:16.194root 11241100x8000000000000000539305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca370e0a8667a552021-12-21 11:32:16.195root 11241100x8000000000000000539306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5aae012c668eafd2021-12-21 11:32:16.195root 11241100x8000000000000000539307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51786c56b9d79c7b2021-12-21 11:32:16.195root 11241100x8000000000000000539308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9656b40c2066e2e2021-12-21 11:32:16.195root 11241100x8000000000000000539309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3745ce2b1ddd032021-12-21 11:32:16.195root 11241100x8000000000000000539310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11919e0b1cb0a4a62021-12-21 11:32:16.195root 11241100x8000000000000000539311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b8f357c810ec672021-12-21 11:32:16.195root 11241100x8000000000000000539312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36c4fa516537c3c2021-12-21 11:32:16.195root 11241100x8000000000000000539313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d523c3318e8eab2021-12-21 11:32:16.195root 11241100x8000000000000000539314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f629d1e2523be282021-12-21 11:32:16.195root 11241100x8000000000000000539315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d28823907670c712021-12-21 11:32:16.195root 11241100x8000000000000000539316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493f0c2132dec5cb2021-12-21 11:32:16.195root 11241100x8000000000000000539317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4363f6f06d199ec92021-12-21 11:32:16.195root 11241100x8000000000000000539318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7d3a59f34094742021-12-21 11:32:16.195root 11241100x8000000000000000539319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d789ae01e1c79672021-12-21 11:32:16.195root 11241100x8000000000000000539320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084eca53ecd03ac92021-12-21 11:32:16.196root 11241100x8000000000000000539321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ec6536ab1df8cb2021-12-21 11:32:16.196root 11241100x8000000000000000539322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24c29253bbadcca2021-12-21 11:32:16.196root 11241100x8000000000000000539323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c83d12c7eeb102021-12-21 11:32:16.196root 11241100x8000000000000000539324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34a4022ad82fd252021-12-21 11:32:16.196root 11241100x8000000000000000539325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443f13cfb66626022021-12-21 11:32:16.693root 11241100x8000000000000000539326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ab842065a519eb2021-12-21 11:32:16.694root 11241100x8000000000000000539327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288739a92b4936492021-12-21 11:32:16.694root 11241100x8000000000000000539328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4f1fe3b5099e642021-12-21 11:32:16.694root 11241100x8000000000000000539329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6533211fde355852021-12-21 11:32:16.694root 11241100x8000000000000000539330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189a65c881428b142021-12-21 11:32:16.694root 11241100x8000000000000000539331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87635b0d822fd9ae2021-12-21 11:32:16.694root 11241100x8000000000000000539332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52235b818fa559372021-12-21 11:32:16.694root 11241100x8000000000000000539333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec4c1d8c4b8d7732021-12-21 11:32:16.694root 11241100x8000000000000000539334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b8876d84e455282021-12-21 11:32:16.694root 11241100x8000000000000000539335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8bbc475b83a4b12021-12-21 11:32:16.694root 11241100x8000000000000000539336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4882f34266212f4f2021-12-21 11:32:16.694root 11241100x8000000000000000539337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c996c613215edce22021-12-21 11:32:16.694root 11241100x8000000000000000539338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3df87e642ae84222021-12-21 11:32:16.695root 11241100x8000000000000000539339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1babbaaa7d0b601e2021-12-21 11:32:16.695root 11241100x8000000000000000539340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0cb82e5273dbb92021-12-21 11:32:16.695root 11241100x8000000000000000539341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90a4abc396251862021-12-21 11:32:16.695root 11241100x8000000000000000539342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f460df1e6fa02332021-12-21 11:32:16.695root 11241100x8000000000000000539343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e967bb7c31460352021-12-21 11:32:16.695root 11241100x8000000000000000539344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09a5ce49e9baa872021-12-21 11:32:16.695root 11241100x8000000000000000539345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25515f0cb4d9af6f2021-12-21 11:32:16.695root 11241100x8000000000000000539346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3a3b4ae0d09a232021-12-21 11:32:16.695root 11241100x8000000000000000539347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d22cbe6006412bd2021-12-21 11:32:16.695root 11241100x8000000000000000539348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192d6a73ed7e3ec22021-12-21 11:32:16.695root 11241100x8000000000000000539349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb5cde347310ce2021-12-21 11:32:16.695root 11241100x8000000000000000539350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54ad5b8b9ec49b92021-12-21 11:32:16.695root 11241100x8000000000000000539351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d1fddca147a0192021-12-21 11:32:16.696root 11241100x8000000000000000539352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc536d112bf6e1c72021-12-21 11:32:16.696root 11241100x8000000000000000539353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1613c7e85811b5132021-12-21 11:32:16.696root 11241100x8000000000000000539354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013f73b0ee7f13f92021-12-21 11:32:16.696root 11241100x8000000000000000539355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c71d5799c3cf1f92021-12-21 11:32:17.193root 11241100x8000000000000000539356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389daffa62813d332021-12-21 11:32:17.193root 11241100x8000000000000000539357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12867681b974c4002021-12-21 11:32:17.194root 11241100x8000000000000000539358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9568f0b8cb00f78b2021-12-21 11:32:17.194root 11241100x8000000000000000539359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dafdd7cf7af9de22021-12-21 11:32:17.194root 11241100x8000000000000000539360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d5407470298c8f2021-12-21 11:32:17.194root 11241100x8000000000000000539361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98bfde22a7d13e42021-12-21 11:32:17.194root 11241100x8000000000000000539362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4280c4bc89ea0e9a2021-12-21 11:32:17.194root 11241100x8000000000000000539363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95481ef35a45c3ae2021-12-21 11:32:17.194root 11241100x8000000000000000539364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b14d180a5d8da112021-12-21 11:32:17.194root 11241100x8000000000000000539365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2883e3a2f1f12aad2021-12-21 11:32:17.194root 11241100x8000000000000000539366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91f2cfb5a9f7f082021-12-21 11:32:17.194root 11241100x8000000000000000539367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b2ff60964a26c62021-12-21 11:32:17.194root 11241100x8000000000000000539368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83abf105296d3f9e2021-12-21 11:32:17.194root 11241100x8000000000000000539369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fafb3d63bd5e0e2021-12-21 11:32:17.195root 11241100x8000000000000000539370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd23ae86ae184f62021-12-21 11:32:17.195root 11241100x8000000000000000539371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20a3604288113412021-12-21 11:32:17.195root 11241100x8000000000000000539372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb64f2e9f9ac0742021-12-21 11:32:17.195root 11241100x8000000000000000539373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d8c1df2436b1f62021-12-21 11:32:17.195root 11241100x8000000000000000539374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6709a2655e32c0c12021-12-21 11:32:17.195root 11241100x8000000000000000539375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87522474ec82223c2021-12-21 11:32:17.195root 11241100x8000000000000000539376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f13ebddc1660cfe2021-12-21 11:32:17.195root 11241100x8000000000000000539377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517cb0375957e4742021-12-21 11:32:17.196root 11241100x8000000000000000539378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945df9590c283e3e2021-12-21 11:32:17.196root 11241100x8000000000000000539379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc490ddcef1f6d9c2021-12-21 11:32:17.196root 11241100x8000000000000000539380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a60cc1b74d35cf2021-12-21 11:32:17.196root 11241100x8000000000000000539381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64addd07700f59d22021-12-21 11:32:17.196root 11241100x8000000000000000539382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79929b6c8b2337212021-12-21 11:32:17.196root 11241100x8000000000000000539383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a050c465d459252021-12-21 11:32:17.196root 11241100x8000000000000000539384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4410d0ea513aacf2021-12-21 11:32:17.196root 11241100x8000000000000000539385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505f994ac0e340cd2021-12-21 11:32:17.693root 11241100x8000000000000000539386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:32:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3038b71dfdf7692021-12-21 11:32:17.693root