11241100x8000000000000000523167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d750c3634126eaf12021-12-21 11:22:35.442root 11241100x8000000000000000523168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1ca55fe645fb282021-12-21 11:22:35.443root 11241100x8000000000000000523169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d00d05a4adfb4792021-12-21 11:22:35.443root 11241100x8000000000000000523170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3767a3e939444dcb2021-12-21 11:22:35.443root 11241100x8000000000000000523171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12948d167190a0372021-12-21 11:22:35.942root 11241100x8000000000000000523172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b80aed21f76d32021-12-21 11:22:35.943root 11241100x8000000000000000523173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83de62be30bf7ea82021-12-21 11:22:35.943root 11241100x8000000000000000523174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee168cd157fb4c652021-12-21 11:22:35.943root 354300x8000000000000000523175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.181{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48450-false10.0.1.12-8000- 11241100x8000000000000000523176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:22:36.329root 11241100x8000000000000000523177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9735fccac2d639d12021-12-21 11:22:36.330root 11241100x8000000000000000523178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fb57ef9a8249332021-12-21 11:22:36.330root 11241100x8000000000000000523179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b2edace4d162722021-12-21 11:22:36.330root 11241100x8000000000000000523180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd70c1d9eadca732021-12-21 11:22:36.330root 11241100x8000000000000000523181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283c22de109d3f9f2021-12-21 11:22:36.330root 11241100x8000000000000000523182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296c3d3ed26387112021-12-21 11:22:36.330root 11241100x8000000000000000523183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7664c1abd297622021-12-21 11:22:36.693root 11241100x8000000000000000523184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c0823596a0e46b2021-12-21 11:22:36.693root 11241100x8000000000000000523185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354e082bd611f4ec2021-12-21 11:22:36.693root 11241100x8000000000000000523186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc5acbce53f85b02021-12-21 11:22:36.693root 11241100x8000000000000000523187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb2ae8cd43f52112021-12-21 11:22:36.693root 11241100x8000000000000000523188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35504b3fa7e1b49d2021-12-21 11:22:36.693root 11241100x8000000000000000523189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bb97ebf2a01b2d2021-12-21 11:22:37.193root 11241100x8000000000000000523190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cabff77344df7bc2021-12-21 11:22:37.193root 11241100x8000000000000000523191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2ff4fc487a2e252021-12-21 11:22:37.193root 11241100x8000000000000000523192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2d0e461dcb3bb2021-12-21 11:22:37.193root 11241100x8000000000000000523193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac371f9bba3998382021-12-21 11:22:37.193root 11241100x8000000000000000523194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07985eb29300eef2021-12-21 11:22:37.193root 11241100x8000000000000000523195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9da4c7c28efab042021-12-21 11:22:37.693root 11241100x8000000000000000523196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbdd7231eedf0772021-12-21 11:22:37.693root 11241100x8000000000000000523197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da5be0397713f0a2021-12-21 11:22:37.693root 11241100x8000000000000000523198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32906af72ad97b62021-12-21 11:22:37.693root 11241100x8000000000000000523199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347edec2fdd2c1492021-12-21 11:22:37.693root 11241100x8000000000000000523200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66bb6a98f2c66bb2021-12-21 11:22:37.693root 11241100x8000000000000000523201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836ca626d4408acf2021-12-21 11:22:38.193root 11241100x8000000000000000523202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d278d742a9bde22021-12-21 11:22:38.193root 11241100x8000000000000000523203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b73c00b14e3a2ce2021-12-21 11:22:38.193root 11241100x8000000000000000523204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beee65e93aeb36342021-12-21 11:22:38.193root 11241100x8000000000000000523205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152868b1c5cf43d42021-12-21 11:22:38.193root 11241100x8000000000000000523206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b113577087c87a2021-12-21 11:22:38.193root 11241100x8000000000000000523207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d00e960941476b2021-12-21 11:22:38.693root 11241100x8000000000000000523208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7686d5c9c10836602021-12-21 11:22:38.693root 11241100x8000000000000000523209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d41c861f4d10492021-12-21 11:22:38.693root 11241100x8000000000000000523210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c73d9901c982012021-12-21 11:22:38.693root 11241100x8000000000000000523211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0a5916f70473ce2021-12-21 11:22:38.693root 11241100x8000000000000000523212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cde84f83af82862021-12-21 11:22:38.693root 11241100x8000000000000000523213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f396036516b03f1f2021-12-21 11:22:39.193root 11241100x8000000000000000523214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dac29f65d2f2212021-12-21 11:22:39.193root 11241100x8000000000000000523215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad52d7c9d4008192021-12-21 11:22:39.193root 11241100x8000000000000000523216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e34c17e27358732021-12-21 11:22:39.193root 11241100x8000000000000000523217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319744080fffe8202021-12-21 11:22:39.193root 11241100x8000000000000000523218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598d7fff7c74486e2021-12-21 11:22:39.194root 23542300x8000000000000000523219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.331{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000523220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040e5c4fa7e55ff12021-12-21 11:22:39.693root 11241100x8000000000000000523221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf450b7b824233f2021-12-21 11:22:39.693root 11241100x8000000000000000523222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6f7898ded953912021-12-21 11:22:39.693root 11241100x8000000000000000523223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84120c4f2e1728e92021-12-21 11:22:39.693root 11241100x8000000000000000523224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4605506a88e2b2d52021-12-21 11:22:39.693root 11241100x8000000000000000523225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1bb0326c12bacd2021-12-21 11:22:39.693root 11241100x8000000000000000523226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304316fa8afb77c02021-12-21 11:22:39.693root 11241100x8000000000000000523227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5584dd497b79922021-12-21 11:22:40.193root 11241100x8000000000000000523228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce679ac7b73778562021-12-21 11:22:40.193root 11241100x8000000000000000523229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b2f9428c774ecf2021-12-21 11:22:40.193root 11241100x8000000000000000523230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b0cbb6cfe63c082021-12-21 11:22:40.193root 11241100x8000000000000000523231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69866d8f0470bb602021-12-21 11:22:40.193root 11241100x8000000000000000523232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bf532c63d6b1892021-12-21 11:22:40.193root 11241100x8000000000000000523233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eddba9acffb1dc82021-12-21 11:22:40.193root 11241100x8000000000000000523234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a618191ae44a932021-12-21 11:22:40.693root 11241100x8000000000000000523235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3fd445bfc8a5732021-12-21 11:22:40.693root 11241100x8000000000000000523236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8053397d7e77a7872021-12-21 11:22:40.693root 11241100x8000000000000000523237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0a8d60b86ab03f2021-12-21 11:22:40.693root 11241100x8000000000000000523238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22021fce04509b32021-12-21 11:22:40.693root 11241100x8000000000000000523239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ba118e826324d92021-12-21 11:22:40.693root 11241100x8000000000000000523240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573967766e82437e2021-12-21 11:22:40.693root 11241100x8000000000000000523241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffd80bf37f378fa2021-12-21 11:22:41.193root 11241100x8000000000000000523242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daa26651bb7626d2021-12-21 11:22:41.193root 11241100x8000000000000000523243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e09bf5474bb1b02021-12-21 11:22:41.193root 11241100x8000000000000000523244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e434d596bd45282021-12-21 11:22:41.193root 11241100x8000000000000000523245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b821cf6efb78e52021-12-21 11:22:41.193root 11241100x8000000000000000523246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726c0edb4a5bffe82021-12-21 11:22:41.193root 11241100x8000000000000000523247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d22b61c33c44382021-12-21 11:22:41.194root 11241100x8000000000000000523248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdb501d7bf56e352021-12-21 11:22:41.693root 11241100x8000000000000000523249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca55c6bf2a3a2262021-12-21 11:22:41.693root 11241100x8000000000000000523250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a17121cb82c24aa2021-12-21 11:22:41.693root 11241100x8000000000000000523251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46730a91644f9a22021-12-21 11:22:41.694root 11241100x8000000000000000523252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285e476b8af204c22021-12-21 11:22:41.694root 11241100x8000000000000000523253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bd3c2797305c092021-12-21 11:22:41.695root 11241100x8000000000000000523254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca45bd6f4b749282021-12-21 11:22:41.695root 354300x8000000000000000523255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.027{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48452-false10.0.1.12-8000- 11241100x8000000000000000523256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cc8dd9c109f3062021-12-21 11:22:42.028root 11241100x8000000000000000523257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b473ac5014c68d182021-12-21 11:22:42.028root 11241100x8000000000000000523258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e404e376881e8692021-12-21 11:22:42.028root 11241100x8000000000000000523259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacb3b1adf53befa2021-12-21 11:22:42.029root 11241100x8000000000000000523260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d9e9ef390ae83c2021-12-21 11:22:42.029root 11241100x8000000000000000523261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79c06261b5f42462021-12-21 11:22:42.029root 11241100x8000000000000000523262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3b2472829a921e2021-12-21 11:22:42.029root 11241100x8000000000000000523263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f9624106ee3b962021-12-21 11:22:42.029root 11241100x8000000000000000523264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e39c9a93620df52021-12-21 11:22:42.443root 11241100x8000000000000000523265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f8a9a71fba05482021-12-21 11:22:42.443root 11241100x8000000000000000523266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7dc38c362582b02021-12-21 11:22:42.443root 11241100x8000000000000000523267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6135bc5432cb0972021-12-21 11:22:42.443root 11241100x8000000000000000523268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a44426a69c253d2021-12-21 11:22:42.443root 11241100x8000000000000000523269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83c0b7ef9eb0c272021-12-21 11:22:42.443root 11241100x8000000000000000523270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb8e60b0e0fe3c2021-12-21 11:22:42.443root 11241100x8000000000000000523271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58044b2c0859c0872021-12-21 11:22:42.443root 11241100x8000000000000000523272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04467cba935ec522021-12-21 11:22:42.943root 11241100x8000000000000000523273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086b83c55991a8d72021-12-21 11:22:42.943root 11241100x8000000000000000523274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deb8840acd812662021-12-21 11:22:42.943root 11241100x8000000000000000523275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fad14b56a149612021-12-21 11:22:42.943root 11241100x8000000000000000523276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6e0ab15904be702021-12-21 11:22:42.943root 11241100x8000000000000000523277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33dedd730b7e5542021-12-21 11:22:42.943root 11241100x8000000000000000523278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4255946d5712fa62021-12-21 11:22:42.943root 11241100x8000000000000000523279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac306ec56858aba32021-12-21 11:22:42.943root 11241100x8000000000000000523280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc427955c05557502021-12-21 11:22:43.443root 11241100x8000000000000000523281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75014f9c3d8a91e32021-12-21 11:22:43.443root 11241100x8000000000000000523282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf43dcb87b0abc132021-12-21 11:22:43.443root 11241100x8000000000000000523283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f9f1f6cccf01b02021-12-21 11:22:43.443root 11241100x8000000000000000523284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d43688ca7e87df42021-12-21 11:22:43.443root 11241100x8000000000000000523285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf63900119e20ba2021-12-21 11:22:43.443root 11241100x8000000000000000523286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4370382005ed90ca2021-12-21 11:22:43.443root 11241100x8000000000000000523287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dbd2b1d3e0ce922021-12-21 11:22:43.443root 11241100x8000000000000000523288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09374bba18dea8ee2021-12-21 11:22:43.943root 11241100x8000000000000000523289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3d83db9dca28d92021-12-21 11:22:43.943root 11241100x8000000000000000523290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e910f6cdde77d62021-12-21 11:22:43.943root 11241100x8000000000000000523291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ca17a50c01963a2021-12-21 11:22:43.943root 11241100x8000000000000000523292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0590be0f60927b432021-12-21 11:22:43.943root 11241100x8000000000000000523293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf33fa2453a7aa2021-12-21 11:22:43.943root 11241100x8000000000000000523294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b5e68e684473ba2021-12-21 11:22:43.943root 11241100x8000000000000000523295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef8f4eeaa6a1a9c2021-12-21 11:22:43.943root 11241100x8000000000000000523296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0157be9cfbd5dd2021-12-21 11:22:44.443root 11241100x8000000000000000523297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1aac4cd442b8b92021-12-21 11:22:44.443root 11241100x8000000000000000523298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6d0f18e1725ae22021-12-21 11:22:44.443root 11241100x8000000000000000523299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14721a8132d115b72021-12-21 11:22:44.443root 11241100x8000000000000000523300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd9bb8e0b8777532021-12-21 11:22:44.443root 11241100x8000000000000000523301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68804272a518890d2021-12-21 11:22:44.443root 11241100x8000000000000000523302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b40a2357c1e702021-12-21 11:22:44.443root 11241100x8000000000000000523303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28fe5747e1dcf412021-12-21 11:22:44.443root 11241100x8000000000000000523304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec18af1ddef5b0b2021-12-21 11:22:44.943root 11241100x8000000000000000523305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff508783de7470952021-12-21 11:22:44.943root 11241100x8000000000000000523306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0a1011eb438d572021-12-21 11:22:44.943root 11241100x8000000000000000523307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a30fb706ced9bfa2021-12-21 11:22:44.943root 11241100x8000000000000000523308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6414e4508e463f0c2021-12-21 11:22:44.943root 11241100x8000000000000000523309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184bac64d2a1ec412021-12-21 11:22:44.943root 11241100x8000000000000000523310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e77581a6bdd2b1f2021-12-21 11:22:44.943root 11241100x8000000000000000523311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776690814710fed22021-12-21 11:22:44.943root 11241100x8000000000000000523312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb869557f87d17a2021-12-21 11:22:45.443root 11241100x8000000000000000523313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c5e204e5f5a5cc2021-12-21 11:22:45.443root 11241100x8000000000000000523314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2d6745fa0245422021-12-21 11:22:45.443root 11241100x8000000000000000523315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001b11a5f12a30212021-12-21 11:22:45.443root 11241100x8000000000000000523316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59df4fb005f225472021-12-21 11:22:45.443root 11241100x8000000000000000523317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162be534861d9ff12021-12-21 11:22:45.443root 11241100x8000000000000000523318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128994c5134c8ee92021-12-21 11:22:45.443root 11241100x8000000000000000523319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c031f24ccd2a20a2021-12-21 11:22:45.443root 11241100x8000000000000000523320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26adf100d3e0fcf72021-12-21 11:22:45.943root 11241100x8000000000000000523321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4114cced55a65eb22021-12-21 11:22:45.943root 11241100x8000000000000000523322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c88cad77af834352021-12-21 11:22:45.943root 11241100x8000000000000000523323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e512df39474bcfca2021-12-21 11:22:45.943root 11241100x8000000000000000523324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deefe45c53fb5852021-12-21 11:22:45.943root 11241100x8000000000000000523325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc09bee77b981d002021-12-21 11:22:45.943root 11241100x8000000000000000523326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7398357a7900fe702021-12-21 11:22:45.943root 11241100x8000000000000000523327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2f19a5d13961c2021-12-21 11:22:45.944root 11241100x8000000000000000523328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2407bd5ec82db1aa2021-12-21 11:22:46.443root 11241100x8000000000000000523329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dc89cbd42ae6902021-12-21 11:22:46.443root 11241100x8000000000000000523330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048418ce1610e08e2021-12-21 11:22:46.443root 11241100x8000000000000000523331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d751e8978f59332021-12-21 11:22:46.443root 11241100x8000000000000000523332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b92be7cc8c44cc2021-12-21 11:22:46.443root 11241100x8000000000000000523333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86afa1e61738490e2021-12-21 11:22:46.443root 11241100x8000000000000000523334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffdb50dbe15ca702021-12-21 11:22:46.443root 11241100x8000000000000000523335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2a9e8b3ab03b22021-12-21 11:22:46.443root 11241100x8000000000000000523336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6909789d8f1b44642021-12-21 11:22:46.943root 11241100x8000000000000000523337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33c846f67ded9332021-12-21 11:22:46.943root 11241100x8000000000000000523338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86ccdfacebe6b3c2021-12-21 11:22:46.943root 11241100x8000000000000000523339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf476d4668d41c12021-12-21 11:22:46.943root 11241100x8000000000000000523340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a6f29603a9daab2021-12-21 11:22:46.943root 11241100x8000000000000000523341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eb17fe300097942021-12-21 11:22:46.943root 11241100x8000000000000000523342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1109d52577d8e2a2021-12-21 11:22:46.943root 11241100x8000000000000000523343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffff4ec0998969b2021-12-21 11:22:46.943root 354300x8000000000000000523344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.177{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48454-false10.0.1.12-8000- 11241100x8000000000000000523345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ff10b1a546f72b2021-12-21 11:22:47.443root 11241100x8000000000000000523346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638402b2be0bb09f2021-12-21 11:22:47.443root 11241100x8000000000000000523347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b380a5b98d57caba2021-12-21 11:22:47.443root 11241100x8000000000000000523348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1bdd1c3170a0d22021-12-21 11:22:47.443root 11241100x8000000000000000523349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2b6d278a67d9822021-12-21 11:22:47.443root 11241100x8000000000000000523350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13101401fb6da6552021-12-21 11:22:47.443root 11241100x8000000000000000523351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5533b625a888482021-12-21 11:22:47.443root 11241100x8000000000000000523352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583510ad0d3c33a82021-12-21 11:22:47.443root 11241100x8000000000000000523353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dae046c8320bb52021-12-21 11:22:47.443root 11241100x8000000000000000523354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941372a0a76b8fad2021-12-21 11:22:47.943root 11241100x8000000000000000523355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20430f063059f5f82021-12-21 11:22:47.943root 11241100x8000000000000000523356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bf8edf953ffdb02021-12-21 11:22:47.943root 11241100x8000000000000000523357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1861b13edfd4b292021-12-21 11:22:47.943root 11241100x8000000000000000523358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60291b77a1ad90e12021-12-21 11:22:47.943root 11241100x8000000000000000523359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0a31eb08e302c52021-12-21 11:22:47.943root 11241100x8000000000000000523360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987343bd77f700ce2021-12-21 11:22:47.943root 11241100x8000000000000000523361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d729f69123cbd12021-12-21 11:22:47.943root 11241100x8000000000000000523362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5355787aa7572822021-12-21 11:22:47.944root 11241100x8000000000000000523363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb3088e7246db7d2021-12-21 11:22:48.443root 11241100x8000000000000000523364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d5d5ebf6ddc9672021-12-21 11:22:48.443root 11241100x8000000000000000523365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e070bc74a51c56b32021-12-21 11:22:48.443root 11241100x8000000000000000523366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5c8a706a01f792021-12-21 11:22:48.443root 11241100x8000000000000000523367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8455eeed63136f2021-12-21 11:22:48.443root 11241100x8000000000000000523368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a671cb6e147efd052021-12-21 11:22:48.443root 11241100x8000000000000000523369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1092203b43c5b9792021-12-21 11:22:48.443root 11241100x8000000000000000523370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad69df3ea44942d2021-12-21 11:22:48.444root 11241100x8000000000000000523371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e99411e2fb1cee32021-12-21 11:22:48.444root 11241100x8000000000000000523372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf393f6e56f55be2021-12-21 11:22:48.943root 11241100x8000000000000000523373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a41a2002a0eaa82021-12-21 11:22:48.943root 11241100x8000000000000000523374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f13333103aae6b92021-12-21 11:22:48.943root 11241100x8000000000000000523375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52121f3f21ddc40e2021-12-21 11:22:48.943root 11241100x8000000000000000523376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c538b5e48501572021-12-21 11:22:48.943root 11241100x8000000000000000523377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2425145ce81eef6c2021-12-21 11:22:48.943root 11241100x8000000000000000523378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb44c2566e3de6f2021-12-21 11:22:48.943root 11241100x8000000000000000523379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850ec511e80792162021-12-21 11:22:48.944root 11241100x8000000000000000523380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7bf506baa849012021-12-21 11:22:48.944root 11241100x8000000000000000523381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f8e81a36c3da042021-12-21 11:22:49.443root 11241100x8000000000000000523382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f239fd4de8f2582021-12-21 11:22:49.443root 11241100x8000000000000000523383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a99cc6d8152eb72021-12-21 11:22:49.443root 11241100x8000000000000000523384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fe5eef4101afe72021-12-21 11:22:49.443root 11241100x8000000000000000523385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996e14b37fe0cb5e2021-12-21 11:22:49.443root 11241100x8000000000000000523386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefb6d3db1d9bd912021-12-21 11:22:49.444root 11241100x8000000000000000523387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1cda3da06a2042021-12-21 11:22:49.444root 11241100x8000000000000000523388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaac3fdf589361722021-12-21 11:22:49.444root 11241100x8000000000000000523389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c942f1e80899b8062021-12-21 11:22:49.444root 11241100x8000000000000000523390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875756fabbcacaa52021-12-21 11:22:49.943root 11241100x8000000000000000523391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b127e66114c7d72021-12-21 11:22:49.943root 11241100x8000000000000000523392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ee551ec19a82122021-12-21 11:22:49.943root 11241100x8000000000000000523393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33c2be245711e482021-12-21 11:22:49.943root 11241100x8000000000000000523394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815f89cd425054752021-12-21 11:22:49.943root 11241100x8000000000000000523395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656250ab4e15ffea2021-12-21 11:22:49.943root 11241100x8000000000000000523396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46dbbc8aa97fd1d2021-12-21 11:22:49.944root 11241100x8000000000000000523397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd61cd57570994b12021-12-21 11:22:49.944root 11241100x8000000000000000523398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb2448ef75c4e242021-12-21 11:22:49.944root 11241100x8000000000000000523399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c8c9800867277f2021-12-21 11:22:50.443root 11241100x8000000000000000523400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80437f75d47ad8802021-12-21 11:22:50.443root 11241100x8000000000000000523401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afba97a5db670ca2021-12-21 11:22:50.443root 11241100x8000000000000000523402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5c47279c1d89d62021-12-21 11:22:50.443root 11241100x8000000000000000523403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928d60c2ff5b48cb2021-12-21 11:22:50.443root 11241100x8000000000000000523404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5486f608d147eb2021-12-21 11:22:50.443root 11241100x8000000000000000523405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adb34e8b46a380d2021-12-21 11:22:50.443root 11241100x8000000000000000523406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72159d61848e36462021-12-21 11:22:50.444root 11241100x8000000000000000523407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7cc3e6013b9d752021-12-21 11:22:50.444root 11241100x8000000000000000523408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47cf7c1ce0aef442021-12-21 11:22:50.943root 11241100x8000000000000000523409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e2543d3191505f2021-12-21 11:22:50.943root 11241100x8000000000000000523410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e348457993354372021-12-21 11:22:50.943root 11241100x8000000000000000523411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a514d9b0a6eda622021-12-21 11:22:50.943root 11241100x8000000000000000523412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f389210628df2dd2021-12-21 11:22:50.943root 11241100x8000000000000000523413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3478d870c4462792021-12-21 11:22:50.944root 11241100x8000000000000000523414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bc6351c13610412021-12-21 11:22:50.944root 11241100x8000000000000000523415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9459e05892b1aef2021-12-21 11:22:50.944root 11241100x8000000000000000523416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ec6d78604042742021-12-21 11:22:50.944root 11241100x8000000000000000523417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc28a29e03aa6f0d2021-12-21 11:22:51.443root 11241100x8000000000000000523418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f95bc959a25c3e92021-12-21 11:22:51.443root 11241100x8000000000000000523419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c346e9a93b1fe2021-12-21 11:22:51.443root 11241100x8000000000000000523420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37565a1e64378ae2021-12-21 11:22:51.443root 11241100x8000000000000000523421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c0d70b065e8f4f2021-12-21 11:22:51.443root 11241100x8000000000000000523422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfb23ee7b0fb3e72021-12-21 11:22:51.443root 11241100x8000000000000000523423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55605f4177c402ec2021-12-21 11:22:51.443root 11241100x8000000000000000523424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca92ee4a9d33ff5c2021-12-21 11:22:51.443root 11241100x8000000000000000523425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceb85383356b9a22021-12-21 11:22:51.443root 11241100x8000000000000000523426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bd8efe7616ae242021-12-21 11:22:51.943root 11241100x8000000000000000523427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a472bcc8c6f8c90a2021-12-21 11:22:51.943root 11241100x8000000000000000523428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae85b90b59e192712021-12-21 11:22:51.943root 11241100x8000000000000000523429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fbb1f72efb30f62021-12-21 11:22:51.943root 11241100x8000000000000000523430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6181d9320c125052021-12-21 11:22:51.943root 11241100x8000000000000000523431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e18843c74cf54c2021-12-21 11:22:51.943root 11241100x8000000000000000523432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc8fa27f44411d32021-12-21 11:22:51.943root 11241100x8000000000000000523433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b64e6cc1183f26c2021-12-21 11:22:51.943root 11241100x8000000000000000523434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229b8e94b5dfefe12021-12-21 11:22:51.943root 11241100x8000000000000000523435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d6610ada6a35862021-12-21 11:22:52.443root 11241100x8000000000000000523436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0b9b905d4067b82021-12-21 11:22:52.443root 11241100x8000000000000000523437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5ccf3d17ac183b2021-12-21 11:22:52.443root 11241100x8000000000000000523438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7141ce7f58d8e5b2021-12-21 11:22:52.443root 11241100x8000000000000000523439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e474b9af92ede42021-12-21 11:22:52.443root 11241100x8000000000000000523440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc25de6474e69992021-12-21 11:22:52.443root 11241100x8000000000000000523441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe735ed72f7ffe02021-12-21 11:22:52.443root 11241100x8000000000000000523442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12aa8d3924e092c2021-12-21 11:22:52.443root 11241100x8000000000000000523443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19ffa427fa586222021-12-21 11:22:52.443root 11241100x8000000000000000523444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb19b0e2117f9e232021-12-21 11:22:52.943root 11241100x8000000000000000523445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da328cf68215c3952021-12-21 11:22:52.943root 11241100x8000000000000000523446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8a554318c4fa4f2021-12-21 11:22:52.943root 11241100x8000000000000000523447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4c550a449897372021-12-21 11:22:52.943root 11241100x8000000000000000523448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfcf3c752f9037b2021-12-21 11:22:52.943root 11241100x8000000000000000523449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e321852535b7a67c2021-12-21 11:22:52.943root 11241100x8000000000000000523450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b511920c00806e02021-12-21 11:22:52.943root 11241100x8000000000000000523451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bacd8ac1537b0ef2021-12-21 11:22:52.943root 11241100x8000000000000000523452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c98e1f27c6f2d62021-12-21 11:22:52.943root 354300x8000000000000000523453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48456-false10.0.1.12-8000- 11241100x8000000000000000523454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f02960f21cb9c1d2021-12-21 11:22:53.443root 11241100x8000000000000000523455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57be8016ee6d43cb2021-12-21 11:22:53.443root 11241100x8000000000000000523456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3595d9841cecde2021-12-21 11:22:53.443root 11241100x8000000000000000523457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3051f0bc388904352021-12-21 11:22:53.443root 11241100x8000000000000000523458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66da2477b78c13d52021-12-21 11:22:53.443root 11241100x8000000000000000523459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c7856b826d89f82021-12-21 11:22:53.444root 11241100x8000000000000000523460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a9ad409c19da9e2021-12-21 11:22:53.444root 11241100x8000000000000000523461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b36d4dbbb471b2021-12-21 11:22:53.444root 11241100x8000000000000000523462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4980f90c607592772021-12-21 11:22:53.444root 11241100x8000000000000000523463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee0d8b3f276b61c2021-12-21 11:22:53.444root 11241100x8000000000000000523464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd3e0ec52fbd4ef2021-12-21 11:22:53.943root 11241100x8000000000000000523465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32eeaa2bc1f07c032021-12-21 11:22:53.943root 11241100x8000000000000000523466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97aa119da619e242021-12-21 11:22:53.943root 11241100x8000000000000000523467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cd1cf0667b69d62021-12-21 11:22:53.943root 11241100x8000000000000000523468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12263dcd13267062021-12-21 11:22:53.943root 11241100x8000000000000000523469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318e5efdf28d55202021-12-21 11:22:53.943root 11241100x8000000000000000523470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d0bb0663aa9992021-12-21 11:22:53.943root 11241100x8000000000000000523471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caf7512dabe508a2021-12-21 11:22:53.943root 11241100x8000000000000000523472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3d8bff1c4ad3d92021-12-21 11:22:53.943root 11241100x8000000000000000523473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a15f1fe147471b22021-12-21 11:22:53.943root 11241100x8000000000000000523474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c38f7112d0acc92021-12-21 11:22:54.443root 11241100x8000000000000000523475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af53439081d77e362021-12-21 11:22:54.443root 11241100x8000000000000000523476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc00f7c3dc6e7f2021-12-21 11:22:54.443root 11241100x8000000000000000523477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22992b8bd0bd702021-12-21 11:22:54.443root 11241100x8000000000000000523478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6443ec599c586f32021-12-21 11:22:54.443root 11241100x8000000000000000523479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb55b45aee10b22021-12-21 11:22:54.443root 11241100x8000000000000000523480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4df8577f0f97852021-12-21 11:22:54.443root 11241100x8000000000000000523481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db53f477a6beac612021-12-21 11:22:54.443root 11241100x8000000000000000523482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f817fa72af9ba7cb2021-12-21 11:22:54.443root 11241100x8000000000000000523483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248f844d19d137bb2021-12-21 11:22:54.443root 11241100x8000000000000000523484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec9acd904c7142a2021-12-21 11:22:54.943root 11241100x8000000000000000523485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a3a4c07244c992021-12-21 11:22:54.943root 11241100x8000000000000000523486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70099b3770be5c302021-12-21 11:22:54.943root 11241100x8000000000000000523487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d70c9f376809d92021-12-21 11:22:54.943root 11241100x8000000000000000523488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4df93fd620938152021-12-21 11:22:54.943root 11241100x8000000000000000523489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a286a973bb625732021-12-21 11:22:54.943root 11241100x8000000000000000523490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65872163e1f9d2442021-12-21 11:22:54.943root 11241100x8000000000000000523491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39948d4d1e68231f2021-12-21 11:22:54.943root 11241100x8000000000000000523492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572825f0fb60b12f2021-12-21 11:22:54.943root 11241100x8000000000000000523493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4995719596633c2021-12-21 11:22:54.944root 11241100x8000000000000000523494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9ba0bc8e9504272021-12-21 11:22:55.443root 11241100x8000000000000000523495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73709b84b6f862f2021-12-21 11:22:55.443root 11241100x8000000000000000523496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a5cc06b9d176202021-12-21 11:22:55.443root 11241100x8000000000000000523497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46e094939d3c3322021-12-21 11:22:55.443root 11241100x8000000000000000523498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f552d72ab42280de2021-12-21 11:22:55.443root 11241100x8000000000000000523499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6d644f8e560f032021-12-21 11:22:55.443root 11241100x8000000000000000523500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3b44c3d9c28dcb2021-12-21 11:22:55.443root 11241100x8000000000000000523501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1003acacfc45b802021-12-21 11:22:55.443root 11241100x8000000000000000523502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06adc080c91a97d2021-12-21 11:22:55.444root 11241100x8000000000000000523503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928b19eb5b54727f2021-12-21 11:22:55.444root 11241100x8000000000000000523504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d6749011fd76d2021-12-21 11:22:55.943root 11241100x8000000000000000523505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d08fdaa696d3272021-12-21 11:22:55.943root 11241100x8000000000000000523506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffe3cd39031bba82021-12-21 11:22:55.943root 11241100x8000000000000000523507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9af9c87b3aa2ad92021-12-21 11:22:55.943root 11241100x8000000000000000523508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60498580f151233d2021-12-21 11:22:55.943root 11241100x8000000000000000523509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdb17a14fe577f02021-12-21 11:22:55.943root 11241100x8000000000000000523510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dffcb2a665b54632021-12-21 11:22:55.943root 11241100x8000000000000000523511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420d1cb99502a4c42021-12-21 11:22:55.943root 11241100x8000000000000000523512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c06eb52b9d962f22021-12-21 11:22:55.943root 11241100x8000000000000000523513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c04c168212d69e2021-12-21 11:22:55.943root 11241100x8000000000000000523514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe14d14a23527202021-12-21 11:22:56.443root 11241100x8000000000000000523515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02ab0aa915f0d842021-12-21 11:22:56.443root 11241100x8000000000000000523516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252655044d3753202021-12-21 11:22:56.443root 11241100x8000000000000000523517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32220e660829c4762021-12-21 11:22:56.443root 11241100x8000000000000000523518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef44c84d192f8bd2021-12-21 11:22:56.443root 11241100x8000000000000000523519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e5b6030829e9412021-12-21 11:22:56.443root 11241100x8000000000000000523520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fb34d4a5f833d52021-12-21 11:22:56.443root 11241100x8000000000000000523521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092b9a6d94a159ea2021-12-21 11:22:56.443root 11241100x8000000000000000523522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d379e931ac1c943a2021-12-21 11:22:56.443root 11241100x8000000000000000523523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd3a03b60f802fd2021-12-21 11:22:56.443root 11241100x8000000000000000523524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cd2b853240c0882021-12-21 11:22:56.943root 11241100x8000000000000000523525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8842b58781116542021-12-21 11:22:56.943root 11241100x8000000000000000523526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3962c1ed1f5cedb2021-12-21 11:22:56.943root 11241100x8000000000000000523527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6731a70acc3602132021-12-21 11:22:56.943root 11241100x8000000000000000523528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076d5af265352e22021-12-21 11:22:56.943root 11241100x8000000000000000523529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5327aff5b061cbec2021-12-21 11:22:56.943root 11241100x8000000000000000523530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bcb94ee37472f52021-12-21 11:22:56.943root 11241100x8000000000000000523531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26215036af4dfea22021-12-21 11:22:56.943root 11241100x8000000000000000523532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56541b59af70f35f2021-12-21 11:22:56.943root 11241100x8000000000000000523533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdbac26b240d66c2021-12-21 11:22:56.943root 11241100x8000000000000000523534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5779442d838bf52021-12-21 11:22:57.443root 11241100x8000000000000000523535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2f975e74b5fc892021-12-21 11:22:57.443root 11241100x8000000000000000523536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef7764fc270ec22021-12-21 11:22:57.443root 11241100x8000000000000000523537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd8b8314037336b2021-12-21 11:22:57.443root 11241100x8000000000000000523538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01f6e19734a381a2021-12-21 11:22:57.443root 11241100x8000000000000000523539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7735ed50d806c4602021-12-21 11:22:57.443root 11241100x8000000000000000523540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601c48b06145d2cb2021-12-21 11:22:57.444root 11241100x8000000000000000523541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c2edc4067a303c2021-12-21 11:22:57.444root 11241100x8000000000000000523542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb97326193d46b262021-12-21 11:22:57.444root 11241100x8000000000000000523543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16318c6a8db655292021-12-21 11:22:57.444root 11241100x8000000000000000523544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f241983b8b910cfb2021-12-21 11:22:57.943root 11241100x8000000000000000523545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3228613d0a6da172021-12-21 11:22:57.943root 11241100x8000000000000000523546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5818e31c89dcf58b2021-12-21 11:22:57.943root 11241100x8000000000000000523547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d66d0d5365c2b52021-12-21 11:22:57.943root 11241100x8000000000000000523548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8452cc87d26e55182021-12-21 11:22:57.943root 11241100x8000000000000000523549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff53113dfb7d4d2021-12-21 11:22:57.943root 11241100x8000000000000000523550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2abd635addb8272021-12-21 11:22:57.943root 11241100x8000000000000000523551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da76d1aef34df6d2021-12-21 11:22:57.943root 11241100x8000000000000000523552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2988cdc4e7e5a7692021-12-21 11:22:57.944root 11241100x8000000000000000523553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab761f598e6ee7b02021-12-21 11:22:57.944root 354300x8000000000000000523554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.172{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48458-false10.0.1.12-8000- 11241100x8000000000000000523555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f759fe000b5d0be2021-12-21 11:22:58.443root 11241100x8000000000000000523556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7052ce80d4aa2722021-12-21 11:22:58.443root 11241100x8000000000000000523557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab5bc0eb0e796fc2021-12-21 11:22:58.443root 11241100x8000000000000000523558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9d2fdae6efe27c2021-12-21 11:22:58.443root 11241100x8000000000000000523559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31264c93634f4d02021-12-21 11:22:58.443root 11241100x8000000000000000523560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beda13b512fa02842021-12-21 11:22:58.443root 11241100x8000000000000000523561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d39f7c63b7c12082021-12-21 11:22:58.443root 11241100x8000000000000000523562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdc0a104090d74b2021-12-21 11:22:58.443root 11241100x8000000000000000523563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f9da7dc4a307a52021-12-21 11:22:58.443root 11241100x8000000000000000523564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b13ad215567b2ef2021-12-21 11:22:58.444root 11241100x8000000000000000523565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e98df291942feee2021-12-21 11:22:58.444root 11241100x8000000000000000523566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4340affe76d73a6d2021-12-21 11:22:58.943root 11241100x8000000000000000523567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60439545f7fe5352021-12-21 11:22:58.943root 11241100x8000000000000000523568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82be83d5290d5a852021-12-21 11:22:58.943root 11241100x8000000000000000523569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d0d58485e6219d2021-12-21 11:22:58.943root 11241100x8000000000000000523570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bb1863ef0214722021-12-21 11:22:58.943root 11241100x8000000000000000523571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f662d6ad547eb92021-12-21 11:22:58.943root 11241100x8000000000000000523572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b59a0cf4cb512a2021-12-21 11:22:58.943root 11241100x8000000000000000523573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c4f82c071748c52021-12-21 11:22:58.943root 11241100x8000000000000000523574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0f8395c7f6dbeb2021-12-21 11:22:58.943root 11241100x8000000000000000523575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c015a3435464242021-12-21 11:22:58.944root 11241100x8000000000000000523576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7b0cbd4fbcf58d2021-12-21 11:22:58.944root 11241100x8000000000000000523577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52be8863de6fe73d2021-12-21 11:22:59.443root 11241100x8000000000000000523578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a38cda40eb6d96a2021-12-21 11:22:59.443root 11241100x8000000000000000523579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43cb661dc94034f2021-12-21 11:22:59.443root 11241100x8000000000000000523580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7871c4a53ac9842021-12-21 11:22:59.443root 11241100x8000000000000000523581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441de48e1381dd022021-12-21 11:22:59.443root 11241100x8000000000000000523582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ea5468fb6c01562021-12-21 11:22:59.443root 11241100x8000000000000000523583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a594bb126e4f76c2021-12-21 11:22:59.443root 11241100x8000000000000000523584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88c2077773efe362021-12-21 11:22:59.444root 11241100x8000000000000000523585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ffb8f4f10857682021-12-21 11:22:59.444root 11241100x8000000000000000523586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bf8056fe143c1e2021-12-21 11:22:59.444root 11241100x8000000000000000523587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ccc2fcb521c6c62021-12-21 11:22:59.444root 11241100x8000000000000000523588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695220e6b3168c0e2021-12-21 11:22:59.943root 11241100x8000000000000000523589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a413e9ae0f64f32021-12-21 11:22:59.943root 11241100x8000000000000000523590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dc7017dc82cd8f2021-12-21 11:22:59.943root 11241100x8000000000000000523591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b55dd2c852cbcd2021-12-21 11:22:59.943root 11241100x8000000000000000523592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f17fe44a2df3fbb2021-12-21 11:22:59.943root 11241100x8000000000000000523593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c96a0739cfb86e2021-12-21 11:22:59.943root 11241100x8000000000000000523594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718dd9ba2c5317b42021-12-21 11:22:59.943root 11241100x8000000000000000523595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6f5dc47042c4662021-12-21 11:22:59.943root 11241100x8000000000000000523596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7103feba06e9ce22021-12-21 11:22:59.943root 11241100x8000000000000000523597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335e624577cb0e602021-12-21 11:22:59.943root 11241100x8000000000000000523598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7df1977af38692021-12-21 11:22:59.944root 11241100x8000000000000000523599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8323ea17a4410d92021-12-21 11:23:00.443root 11241100x8000000000000000523600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c70518ffb39bd652021-12-21 11:23:00.443root 11241100x8000000000000000523601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6466fa88e52d9b2021-12-21 11:23:00.443root 11241100x8000000000000000523602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9740300dc1de50422021-12-21 11:23:00.444root 11241100x8000000000000000523603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dae34aa806f596e2021-12-21 11:23:00.444root 11241100x8000000000000000523604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f48bec4c7b0c8fa2021-12-21 11:23:00.444root 11241100x8000000000000000523605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3ae66ee63737522021-12-21 11:23:00.444root 11241100x8000000000000000523606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484499b898365d462021-12-21 11:23:00.444root 11241100x8000000000000000523607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e24680265e30c32021-12-21 11:23:00.444root 11241100x8000000000000000523608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7ff157ae5cc1332021-12-21 11:23:00.444root 11241100x8000000000000000523609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c1a34a47e1cab42021-12-21 11:23:00.445root 11241100x8000000000000000523610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d94e04bc566b0c2021-12-21 11:23:00.943root 11241100x8000000000000000523611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d08d8de14c2b0562021-12-21 11:23:00.944root 11241100x8000000000000000523612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d5fd0cfcd7eef02021-12-21 11:23:00.944root 11241100x8000000000000000523613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36be1bfa79a660812021-12-21 11:23:00.944root 11241100x8000000000000000523614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4312429ba7585e0a2021-12-21 11:23:00.945root 11241100x8000000000000000523615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bcf099b7c3ff8d2021-12-21 11:23:00.945root 11241100x8000000000000000523616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3b509d734e3f242021-12-21 11:23:00.945root 11241100x8000000000000000523617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b194fcf5d4d1b6da2021-12-21 11:23:00.945root 11241100x8000000000000000523618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df771dde51918c812021-12-21 11:23:00.946root 11241100x8000000000000000523619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52fee96a09b7b422021-12-21 11:23:00.946root 11241100x8000000000000000523620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d8ae4dbb10a30f2021-12-21 11:23:00.946root 11241100x8000000000000000523621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f775fc92aaac822021-12-21 11:23:01.443root 11241100x8000000000000000523622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318c3aa751c0f2f72021-12-21 11:23:01.443root 11241100x8000000000000000523623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ed038507aeed742021-12-21 11:23:01.443root 11241100x8000000000000000523624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf0376359cade4d2021-12-21 11:23:01.443root 11241100x8000000000000000523625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cdda89d72776d42021-12-21 11:23:01.443root 11241100x8000000000000000523626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a752ec5240dbce262021-12-21 11:23:01.443root 11241100x8000000000000000523627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cd9256e2423f652021-12-21 11:23:01.444root 11241100x8000000000000000523628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e995d935f8682c92021-12-21 11:23:01.444root 11241100x8000000000000000523629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a4dd63637336ee2021-12-21 11:23:01.444root 11241100x8000000000000000523630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09fb1978bc6755f2021-12-21 11:23:01.444root 11241100x8000000000000000523631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae9337aebd959ef2021-12-21 11:23:01.444root 11241100x8000000000000000523632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e068dd263a67b62021-12-21 11:23:01.943root 11241100x8000000000000000523633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5735968b08707e9c2021-12-21 11:23:01.943root 11241100x8000000000000000523634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b6fd59339bb242021-12-21 11:23:01.943root 11241100x8000000000000000523635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7547e8737661b382021-12-21 11:23:01.943root 11241100x8000000000000000523636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2218ee7feb4010b52021-12-21 11:23:01.943root 11241100x8000000000000000523637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5e2f7c0f11894c2021-12-21 11:23:01.943root 11241100x8000000000000000523638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870a7b19d95cd7072021-12-21 11:23:01.943root 11241100x8000000000000000523639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f605c4bdafd0dcda2021-12-21 11:23:01.944root 11241100x8000000000000000523640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d9314e535f7e902021-12-21 11:23:01.944root 11241100x8000000000000000523641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4598f682a4d04f8f2021-12-21 11:23:01.944root 11241100x8000000000000000523642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1a213b7b5a8db72021-12-21 11:23:01.944root 11241100x8000000000000000523643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9554f7357f9063c12021-12-21 11:23:02.443root 11241100x8000000000000000523644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65b8aa02d24e5992021-12-21 11:23:02.443root 11241100x8000000000000000523645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5484ef9f639527732021-12-21 11:23:02.443root 11241100x8000000000000000523646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d6689a1209e19e2021-12-21 11:23:02.443root 11241100x8000000000000000523647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5672339bd180404f2021-12-21 11:23:02.443root 11241100x8000000000000000523648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903b120a0357326b2021-12-21 11:23:02.444root 11241100x8000000000000000523649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317393d433f6a3e2021-12-21 11:23:02.444root 11241100x8000000000000000523650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc78f2e723ae0d2021-12-21 11:23:02.444root 11241100x8000000000000000523651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a49a21babb98202021-12-21 11:23:02.444root 11241100x8000000000000000523652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ce12d82080dd872021-12-21 11:23:02.444root 11241100x8000000000000000523653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5f1285ece7507d2021-12-21 11:23:02.444root 11241100x8000000000000000523654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c5a3b8b27524c12021-12-21 11:23:02.943root 11241100x8000000000000000523655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2406a141053a9c72021-12-21 11:23:02.943root 11241100x8000000000000000523656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb304d8a4a5e42f2021-12-21 11:23:02.943root 11241100x8000000000000000523657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b1b3a35b9b359e2021-12-21 11:23:02.943root 11241100x8000000000000000523658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195a1be619f73a5b2021-12-21 11:23:02.943root 11241100x8000000000000000523659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac1b1530e5b36872021-12-21 11:23:02.943root 11241100x8000000000000000523660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f5bdd7f598ed912021-12-21 11:23:02.944root 11241100x8000000000000000523661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819e627e855eb9052021-12-21 11:23:02.944root 11241100x8000000000000000523662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91a6121fd89e08e2021-12-21 11:23:02.944root 11241100x8000000000000000523663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c9db17ece0297b2021-12-21 11:23:02.944root 11241100x8000000000000000523664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2a86b55d4dd6b62021-12-21 11:23:02.944root 11241100x8000000000000000523665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8a6b1654ba45c32021-12-21 11:23:03.443root 11241100x8000000000000000523666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3131548245b6162021-12-21 11:23:03.443root 11241100x8000000000000000523667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db2be00172f989b2021-12-21 11:23:03.443root 11241100x8000000000000000523668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13efcf6243be6f182021-12-21 11:23:03.443root 11241100x8000000000000000523669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b43440ce741e8872021-12-21 11:23:03.444root 11241100x8000000000000000523670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b25eeafe7403242021-12-21 11:23:03.444root 11241100x8000000000000000523671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fde132e4d6f92e2021-12-21 11:23:03.444root 11241100x8000000000000000523672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f13ebc6941a5f7c2021-12-21 11:23:03.444root 11241100x8000000000000000523673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e706011e3bc06f2021-12-21 11:23:03.444root 11241100x8000000000000000523674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabdc8e22e1279482021-12-21 11:23:03.444root 11241100x8000000000000000523675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5065cc44590562872021-12-21 11:23:03.444root 11241100x8000000000000000523676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c69ac6551cb464b2021-12-21 11:23:03.943root 11241100x8000000000000000523677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3e7c13dc3c0ef52021-12-21 11:23:03.943root 11241100x8000000000000000523678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe84eed00c27242021-12-21 11:23:03.943root 11241100x8000000000000000523679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2518fdd4d470b1b82021-12-21 11:23:03.943root 11241100x8000000000000000523680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4941b956e5a72272021-12-21 11:23:03.943root 11241100x8000000000000000523681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3a5812b0e94df52021-12-21 11:23:03.943root 11241100x8000000000000000523682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3253c6c3f48c57da2021-12-21 11:23:03.944root 11241100x8000000000000000523683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a87f948f3f39802021-12-21 11:23:03.944root 11241100x8000000000000000523684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164241f651aecce92021-12-21 11:23:03.944root 11241100x8000000000000000523685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f934e174068532ab2021-12-21 11:23:03.944root 11241100x8000000000000000523686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534892c28966e7c62021-12-21 11:23:03.944root 354300x8000000000000000523687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.069{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48460-false10.0.1.12-8000- 11241100x8000000000000000523688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26126a787c82c9062021-12-21 11:23:04.443root 11241100x8000000000000000523689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed02c9c5064c3b422021-12-21 11:23:04.443root 11241100x8000000000000000523690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610a723ba2573e972021-12-21 11:23:04.443root 11241100x8000000000000000523691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfbe333615686c2021-12-21 11:23:04.443root 11241100x8000000000000000523692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ba384ab2e4ae192021-12-21 11:23:04.443root 11241100x8000000000000000523693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a632e636e9f86d402021-12-21 11:23:04.443root 11241100x8000000000000000523694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977e1d1da874fcc02021-12-21 11:23:04.443root 11241100x8000000000000000523695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4004a1928a004e1a2021-12-21 11:23:04.444root 11241100x8000000000000000523696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d73fac51d452b592021-12-21 11:23:04.444root 11241100x8000000000000000523697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08332086ed144c52021-12-21 11:23:04.444root 11241100x8000000000000000523698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e21dc4ccafc27c2021-12-21 11:23:04.444root 11241100x8000000000000000523699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b68976487f6a6d82021-12-21 11:23:04.444root 11241100x8000000000000000523700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60d724ee6ed8acc2021-12-21 11:23:04.943root 11241100x8000000000000000523701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805edee97bcde0302021-12-21 11:23:04.943root 11241100x8000000000000000523702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b682d06104a57cf2021-12-21 11:23:04.943root 11241100x8000000000000000523703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ebcb14e10dca192021-12-21 11:23:04.944root 11241100x8000000000000000523704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ac8b23d23f2e4b2021-12-21 11:23:04.944root 11241100x8000000000000000523705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd66e461697d81112021-12-21 11:23:04.944root 11241100x8000000000000000523706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c2d07d15e7a8f2021-12-21 11:23:04.944root 11241100x8000000000000000523707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bc2155cd990ae52021-12-21 11:23:04.944root 11241100x8000000000000000523708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9824fd27a7a6229d2021-12-21 11:23:04.944root 11241100x8000000000000000523709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb7f5108641f802021-12-21 11:23:04.944root 11241100x8000000000000000523710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73da27b695ec8c1f2021-12-21 11:23:04.944root 11241100x8000000000000000523711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03cbf0ff2dde9692021-12-21 11:23:04.944root 11241100x8000000000000000523712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1176f6669a45d5032021-12-21 11:23:05.443root 11241100x8000000000000000523713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9919f50e4f0f4a102021-12-21 11:23:05.443root 11241100x8000000000000000523714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c27fee13ad6e42021-12-21 11:23:05.443root 11241100x8000000000000000523715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff42af9ef62658ce2021-12-21 11:23:05.443root 11241100x8000000000000000523716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfd9bfdfebb507c2021-12-21 11:23:05.443root 11241100x8000000000000000523717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19be46f9bc2f7c572021-12-21 11:23:05.443root 11241100x8000000000000000523718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c295e8bb2181bb2021-12-21 11:23:05.443root 11241100x8000000000000000523719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228a01a3ed55853c2021-12-21 11:23:05.443root 11241100x8000000000000000523720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad287639e53110912021-12-21 11:23:05.443root 11241100x8000000000000000523721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c23908f81e1cd292021-12-21 11:23:05.444root 11241100x8000000000000000523722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6a065d2763ba342021-12-21 11:23:05.444root 11241100x8000000000000000523723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd295ee80264ef152021-12-21 11:23:05.444root 11241100x8000000000000000523724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394125b4737c48112021-12-21 11:23:05.943root 11241100x8000000000000000523725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa4c730e36f1a742021-12-21 11:23:05.943root 11241100x8000000000000000523726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf122528a96fc02021-12-21 11:23:05.943root 11241100x8000000000000000523727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bad7cee767ece562021-12-21 11:23:05.943root 11241100x8000000000000000523728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdc53297fb52ccb2021-12-21 11:23:05.943root 11241100x8000000000000000523729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd34cb56d0a7900c2021-12-21 11:23:05.943root 11241100x8000000000000000523730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b239b2d73e581b72021-12-21 11:23:05.943root 11241100x8000000000000000523731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549a59eb2ce889b2021-12-21 11:23:05.943root 11241100x8000000000000000523732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3854b36066ffebdf2021-12-21 11:23:05.944root 11241100x8000000000000000523733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436444da670da0222021-12-21 11:23:05.944root 11241100x8000000000000000523734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b671656c4404e6dc2021-12-21 11:23:05.944root 11241100x8000000000000000523735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3f7247a5fef43c2021-12-21 11:23:05.944root 11241100x8000000000000000523736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:23:06.329root 11241100x8000000000000000523737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9792728eb825a40e2021-12-21 11:23:06.330root 11241100x8000000000000000523738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbabccc8627bf6e2021-12-21 11:23:06.330root 11241100x8000000000000000523739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba89fe92bcdd22652021-12-21 11:23:06.330root 11241100x8000000000000000523740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede27cad45fceebf2021-12-21 11:23:06.330root 11241100x8000000000000000523741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46355f5aab63223c2021-12-21 11:23:06.330root 11241100x8000000000000000523742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311e5f9573c4d26d2021-12-21 11:23:06.330root 11241100x8000000000000000523743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474cdc393e1010d82021-12-21 11:23:06.330root 11241100x8000000000000000523744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aace89b84b3d51db2021-12-21 11:23:06.331root 11241100x8000000000000000523745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efae758c20b12962021-12-21 11:23:06.331root 11241100x8000000000000000523746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a83ed6246e3f8a2021-12-21 11:23:06.331root 11241100x8000000000000000523747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b50e5d81213cee82021-12-21 11:23:06.331root 11241100x8000000000000000523748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00e78aa6be7547c2021-12-21 11:23:06.331root 11241100x8000000000000000523749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e518b218e1f9f4b32021-12-21 11:23:06.331root 11241100x8000000000000000523750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3c8b99f68ecfa22021-12-21 11:23:06.692root 11241100x8000000000000000523751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609e9f97d706197a2021-12-21 11:23:06.693root 11241100x8000000000000000523752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b416d32482707f22021-12-21 11:23:06.693root 11241100x8000000000000000523753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a4900c2faac9912021-12-21 11:23:06.693root 11241100x8000000000000000523754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4e3a98f8e163d62021-12-21 11:23:06.694root 11241100x8000000000000000523755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed66982da439e752021-12-21 11:23:06.694root 11241100x8000000000000000523756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d8ee733026cefe2021-12-21 11:23:06.694root 11241100x8000000000000000523757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f050aa017beedd092021-12-21 11:23:06.694root 11241100x8000000000000000523758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae2373299c768482021-12-21 11:23:06.694root 11241100x8000000000000000523759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eae053bd707f3012021-12-21 11:23:06.694root 11241100x8000000000000000523760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58acd518b3fcdba2021-12-21 11:23:06.694root 11241100x8000000000000000523761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d57d1725d302a82021-12-21 11:23:06.694root 11241100x8000000000000000523762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a8cb4298cc83f32021-12-21 11:23:06.694root 11241100x8000000000000000523763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958143bb999c90b32021-12-21 11:23:07.193root 11241100x8000000000000000523764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a4933ee99504ce2021-12-21 11:23:07.193root 11241100x8000000000000000523765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48559da46572decc2021-12-21 11:23:07.193root 11241100x8000000000000000523766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676cc3b9a57147f12021-12-21 11:23:07.193root 11241100x8000000000000000523767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b06773cf601cc912021-12-21 11:23:07.193root 11241100x8000000000000000523768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628c3760de24a0112021-12-21 11:23:07.193root 11241100x8000000000000000523769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ac0f3614a3b0e22021-12-21 11:23:07.193root 11241100x8000000000000000523770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0525489cf362612021-12-21 11:23:07.194root 11241100x8000000000000000523771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a9f95c25101152021-12-21 11:23:07.194root 11241100x8000000000000000523772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471cbae42cd1b5f2021-12-21 11:23:07.194root 11241100x8000000000000000523773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d837aaaf6ae5e8882021-12-21 11:23:07.194root 11241100x8000000000000000523774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c972aed361b4f252021-12-21 11:23:07.194root 11241100x8000000000000000523775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2746517b74eaeb2021-12-21 11:23:07.194root 11241100x8000000000000000523776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62229b07f77cb652021-12-21 11:23:07.693root 11241100x8000000000000000523777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af13511a083a9742021-12-21 11:23:07.693root 11241100x8000000000000000523778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94c74b3b267ef612021-12-21 11:23:07.693root 11241100x8000000000000000523779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b27ecc06ce60d712021-12-21 11:23:07.693root 11241100x8000000000000000523780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4b48da296b39a72021-12-21 11:23:07.693root 11241100x8000000000000000523781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100c5bbe983a09492021-12-21 11:23:07.693root 11241100x8000000000000000523782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf57f1a2c5f426722021-12-21 11:23:07.693root 11241100x8000000000000000523783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41de7b85ba4c78bb2021-12-21 11:23:07.693root 11241100x8000000000000000523784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a5c9778ee7f4752021-12-21 11:23:07.694root 11241100x8000000000000000523785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614276caec1631d12021-12-21 11:23:07.694root 11241100x8000000000000000523786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcdaf45c73077a42021-12-21 11:23:07.694root 11241100x8000000000000000523787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d199563f7659f2d2021-12-21 11:23:07.694root 11241100x8000000000000000523788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61780076e8b823c2021-12-21 11:23:07.694root 11241100x8000000000000000523789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fdd2da550e5b592021-12-21 11:23:08.193root 11241100x8000000000000000523790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bd175b2b1421ec2021-12-21 11:23:08.193root 11241100x8000000000000000523791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94563fcc8e39c982021-12-21 11:23:08.193root 11241100x8000000000000000523792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa668ef7fec5d1062021-12-21 11:23:08.193root 11241100x8000000000000000523793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a2786fb34cfe382021-12-21 11:23:08.193root 11241100x8000000000000000523794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd5378da55f86532021-12-21 11:23:08.194root 11241100x8000000000000000523795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd0298739201c632021-12-21 11:23:08.194root 11241100x8000000000000000523796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ff5c362da3d9492021-12-21 11:23:08.194root 11241100x8000000000000000523797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e15a5df491d8082021-12-21 11:23:08.194root 11241100x8000000000000000523798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444ec945b62469412021-12-21 11:23:08.194root 11241100x8000000000000000523799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604717244706d6392021-12-21 11:23:08.194root 11241100x8000000000000000523800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d57164e1196c1572021-12-21 11:23:08.194root 11241100x8000000000000000523801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d63a2822f8022852021-12-21 11:23:08.194root 11241100x8000000000000000523802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae9419bf3900ca92021-12-21 11:23:08.693root 11241100x8000000000000000523803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136b2ebb107b64b92021-12-21 11:23:08.693root 11241100x8000000000000000523804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac439292bf645082021-12-21 11:23:08.693root 11241100x8000000000000000523805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d675f28985b9db02021-12-21 11:23:08.693root 11241100x8000000000000000523806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab74fac3344d77c82021-12-21 11:23:08.693root 11241100x8000000000000000523807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c1f819a31bec0b2021-12-21 11:23:08.693root 11241100x8000000000000000523808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f19f031c3fa7bc2021-12-21 11:23:08.694root 11241100x8000000000000000523809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a7d09ad7a53812021-12-21 11:23:08.694root 11241100x8000000000000000523810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72da7f741dc619a32021-12-21 11:23:08.694root 11241100x8000000000000000523811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0fa6878a5456502021-12-21 11:23:08.694root 11241100x8000000000000000523812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824be3f9352e2142021-12-21 11:23:08.694root 11241100x8000000000000000523813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8102819b5000ef82021-12-21 11:23:08.694root 11241100x8000000000000000523814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91bbc37407174762021-12-21 11:23:08.694root 354300x8000000000000000523815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.131{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48462-false10.0.1.12-8000- 11241100x8000000000000000523816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071b833ebb657422021-12-21 11:23:09.133root 11241100x8000000000000000523817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a36f6c34f1908d52021-12-21 11:23:09.133root 11241100x8000000000000000523818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07238b7cdf66e8cf2021-12-21 11:23:09.133root 11241100x8000000000000000523819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5571fed489417762021-12-21 11:23:09.133root 11241100x8000000000000000523820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c215ae40f869ae2021-12-21 11:23:09.133root 11241100x8000000000000000523821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da576f27a35b0a72021-12-21 11:23:09.133root 11241100x8000000000000000523822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7af6c2cef2cf9d02021-12-21 11:23:09.133root 11241100x8000000000000000523823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a3c9cf559f963d2021-12-21 11:23:09.134root 11241100x8000000000000000523824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ae01deb66e501e2021-12-21 11:23:09.134root 11241100x8000000000000000523825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6ed62458b81e7a2021-12-21 11:23:09.134root 11241100x8000000000000000523826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be49a7e87b907492021-12-21 11:23:09.134root 11241100x8000000000000000523827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83dc287af7e79272021-12-21 11:23:09.134root 11241100x8000000000000000523828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f67f744f6714e392021-12-21 11:23:09.134root 11241100x8000000000000000523829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26632b70e6022b02021-12-21 11:23:09.134root 23542300x8000000000000000523830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.332{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000523831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8674df153834b5962021-12-21 11:23:09.443root 11241100x8000000000000000523832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05044114056dc7062021-12-21 11:23:09.443root 11241100x8000000000000000523833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c10e14bb1f42eb2021-12-21 11:23:09.443root 11241100x8000000000000000523834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ff836b42b7f5052021-12-21 11:23:09.443root 11241100x8000000000000000523835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2500d6bcc04d762021-12-21 11:23:09.443root 11241100x8000000000000000523836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0831be16d0f9742021-12-21 11:23:09.443root 11241100x8000000000000000523837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2218bdf1291127442021-12-21 11:23:09.443root 11241100x8000000000000000523838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb49ba89471071b2021-12-21 11:23:09.443root 11241100x8000000000000000523839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8e1a738623e6a12021-12-21 11:23:09.444root 11241100x8000000000000000523840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cccbbccc21ba022021-12-21 11:23:09.444root 11241100x8000000000000000523841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62060dfd3053eb42021-12-21 11:23:09.444root 11241100x8000000000000000523842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870b8564fe6d62e52021-12-21 11:23:09.444root 11241100x8000000000000000523843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeac68d26ea1d5d62021-12-21 11:23:09.444root 11241100x8000000000000000523844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfd315f5e6925ed2021-12-21 11:23:09.444root 11241100x8000000000000000523845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856aa4b79b108f4e2021-12-21 11:23:09.444root 11241100x8000000000000000523846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebbfe3e73f96fc62021-12-21 11:23:09.943root 11241100x8000000000000000523847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f31c6c6672bfd12021-12-21 11:23:09.943root 11241100x8000000000000000523848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd312baa461a26322021-12-21 11:23:09.943root 11241100x8000000000000000523849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8542bbb0fee5bd6e2021-12-21 11:23:09.943root 11241100x8000000000000000523850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79930093460b6822021-12-21 11:23:09.943root 11241100x8000000000000000523851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7f7f606201a8d02021-12-21 11:23:09.944root 11241100x8000000000000000523852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11360a2839099dc22021-12-21 11:23:09.944root 11241100x8000000000000000523853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec7db14d5c416d92021-12-21 11:23:09.944root 11241100x8000000000000000523854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb3cca5fbb794a2021-12-21 11:23:09.944root 11241100x8000000000000000523855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd278251fdf57e62021-12-21 11:23:09.944root 11241100x8000000000000000523856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1879e8c2c7e7bdd2021-12-21 11:23:09.944root 11241100x8000000000000000523857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d019370e1822e02021-12-21 11:23:09.944root 11241100x8000000000000000523858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfe4e5ce5d558e62021-12-21 11:23:09.944root 11241100x8000000000000000523859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99582fd83399dd782021-12-21 11:23:09.944root 11241100x8000000000000000523860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaf4b84cc274b972021-12-21 11:23:09.944root 11241100x8000000000000000523861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3d7e527b9f73952021-12-21 11:23:10.443root 11241100x8000000000000000523862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff4db602b0abee92021-12-21 11:23:10.443root 11241100x8000000000000000523863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513708ae770a903c2021-12-21 11:23:10.443root 11241100x8000000000000000523864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f341883908d2f2021-12-21 11:23:10.443root 11241100x8000000000000000523865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e928bb8d9d5911c02021-12-21 11:23:10.443root 11241100x8000000000000000523866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a58d8a762bf847e2021-12-21 11:23:10.443root 11241100x8000000000000000523867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895836412f88cb082021-12-21 11:23:10.443root 11241100x8000000000000000523868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86906c3efdde86672021-12-21 11:23:10.444root 11241100x8000000000000000523869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8be35790c7011f2021-12-21 11:23:10.444root 11241100x8000000000000000523870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4aeafc980ddcc52021-12-21 11:23:10.444root 11241100x8000000000000000523871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed4670e3b8046b72021-12-21 11:23:10.444root 11241100x8000000000000000523872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ee7f61ecb2c9402021-12-21 11:23:10.444root 11241100x8000000000000000523873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7680e2c529f07992021-12-21 11:23:10.444root 11241100x8000000000000000523874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d6b308aa6363f22021-12-21 11:23:10.444root 11241100x8000000000000000523875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71565668bea459a72021-12-21 11:23:10.444root 11241100x8000000000000000523876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1153ead9958a0a2021-12-21 11:23:10.444root 11241100x8000000000000000523877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fa2977e02f36662021-12-21 11:23:10.445root 11241100x8000000000000000523878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb385b72685ffc12021-12-21 11:23:10.445root 11241100x8000000000000000523879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e86b3d7c2b5122021-12-21 11:23:10.445root 11241100x8000000000000000523880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c366191bd944d42021-12-21 11:23:10.445root 11241100x8000000000000000523881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4f971f7032d3302021-12-21 11:23:10.445root 11241100x8000000000000000523882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa7ab39a08eaaf2021-12-21 11:23:10.445root 11241100x8000000000000000523883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea691b2517968d102021-12-21 11:23:10.943root 11241100x8000000000000000523884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d87bba7cecbefd2021-12-21 11:23:10.943root 11241100x8000000000000000523885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab913824d401cba2021-12-21 11:23:10.944root 11241100x8000000000000000523886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b0e9d2c47576972021-12-21 11:23:10.944root 11241100x8000000000000000523887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3a2fa8ed1afdc92021-12-21 11:23:10.944root 11241100x8000000000000000523888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f5547d50cbf4632021-12-21 11:23:10.944root 11241100x8000000000000000523889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad684573b3ebd0a2021-12-21 11:23:10.944root 11241100x8000000000000000523890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d8d0b7830c4d862021-12-21 11:23:10.945root 11241100x8000000000000000523891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831d71933f5a62402021-12-21 11:23:10.945root 11241100x8000000000000000523892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b0f31e9d7d1b82021-12-21 11:23:10.945root 11241100x8000000000000000523893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c85b7815428cfd2021-12-21 11:23:10.945root 11241100x8000000000000000523894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190a5b152c84c8362021-12-21 11:23:10.945root 11241100x8000000000000000523895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753517e9f41344202021-12-21 11:23:10.945root 11241100x8000000000000000523896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a1c3f245092daf2021-12-21 11:23:10.946root 11241100x8000000000000000523897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e4bc6b6298a0f32021-12-21 11:23:10.946root 11241100x8000000000000000523898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58a135e5a9e20a62021-12-21 11:23:11.443root 11241100x8000000000000000523899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6aad4b9000f3432021-12-21 11:23:11.444root 11241100x8000000000000000523900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a378fdb30dbfe792021-12-21 11:23:11.444root 11241100x8000000000000000523901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37caa26759a588102021-12-21 11:23:11.444root 11241100x8000000000000000523902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a26691f0cc13e2021-12-21 11:23:11.444root 11241100x8000000000000000523903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f694dba2da62272021-12-21 11:23:11.444root 11241100x8000000000000000523904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50d8ace4082d7de2021-12-21 11:23:11.444root 11241100x8000000000000000523905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b934cd2b7f384c72021-12-21 11:23:11.444root 11241100x8000000000000000523906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274e93550c6f1b3e2021-12-21 11:23:11.444root 11241100x8000000000000000523907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8782b3d213afb4b2021-12-21 11:23:11.444root 11241100x8000000000000000523908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a8805f0cd13f52021-12-21 11:23:11.445root 11241100x8000000000000000523909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b53f6d837ea0d72021-12-21 11:23:11.445root 11241100x8000000000000000523910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eada77f4d2c5c91f2021-12-21 11:23:11.445root 11241100x8000000000000000523911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c00f8955e4cfe092021-12-21 11:23:11.445root 11241100x8000000000000000523912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9df5706a94dccf2021-12-21 11:23:11.445root 154100x8000000000000000523913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.848{ec2b6afe-b91f-61c1-68d4-cb46dc550000}9860/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000523914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.850{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86311db3bea0de832021-12-21 11:23:11.850root 11241100x8000000000000000523915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a5d9e4e3e8ab772021-12-21 11:23:11.851root 11241100x8000000000000000523916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fc796365bf0a7f2021-12-21 11:23:11.851root 11241100x8000000000000000523917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058d4471d9968cb02021-12-21 11:23:11.851root 11241100x8000000000000000523918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da64f3d56c27a78f2021-12-21 11:23:11.851root 11241100x8000000000000000523919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e4a3e2a30c91d2021-12-21 11:23:11.851root 11241100x8000000000000000523920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3ad448a54b0c342021-12-21 11:23:11.851root 11241100x8000000000000000523921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.851{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95cb3617ad5905d2021-12-21 11:23:11.851root 11241100x8000000000000000523922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42662743c791ea02021-12-21 11:23:11.852root 11241100x8000000000000000523923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018a542790cd502a2021-12-21 11:23:11.852root 11241100x8000000000000000523924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa03e9fb9c453582021-12-21 11:23:11.852root 11241100x8000000000000000523925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb18b468b1047b02021-12-21 11:23:11.852root 11241100x8000000000000000523926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507fa5fa4eec394a2021-12-21 11:23:11.852root 11241100x8000000000000000523927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.852{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2c0340fb21d6022021-12-21 11:23:11.852root 11241100x8000000000000000523928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.853{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd5a87b7ae6707f2021-12-21 11:23:11.853root 11241100x8000000000000000523929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.853{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b793d87d56d05942021-12-21 11:23:11.853root 534500x8000000000000000523930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:11.859{ec2b6afe-b91f-61c1-68d4-cb46dc550000}9860/bin/psroot 11241100x8000000000000000523931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1322379b58a69c552021-12-21 11:23:12.193root 11241100x8000000000000000523932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c46119aaf8447b2021-12-21 11:23:12.193root 11241100x8000000000000000523933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7cde36d8f46a832021-12-21 11:23:12.194root 11241100x8000000000000000523934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bdef56d4b009802021-12-21 11:23:12.194root 11241100x8000000000000000523935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c0a4537b4b408a2021-12-21 11:23:12.194root 11241100x8000000000000000523936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e470811d0a40032021-12-21 11:23:12.194root 11241100x8000000000000000523937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46564a4b68f6f0ee2021-12-21 11:23:12.194root 11241100x8000000000000000523938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffac38bd2dd503b52021-12-21 11:23:12.195root 11241100x8000000000000000523939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072a2a0fad1663ca2021-12-21 11:23:12.195root 11241100x8000000000000000523940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3799b851cd8ac8182021-12-21 11:23:12.195root 11241100x8000000000000000523941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eba16d803b7d3f42021-12-21 11:23:12.195root 11241100x8000000000000000523942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d457be70797b5cb2021-12-21 11:23:12.195root 11241100x8000000000000000523943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68023d3cac251d9e2021-12-21 11:23:12.195root 11241100x8000000000000000523944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23225eaf2d568ada2021-12-21 11:23:12.195root 11241100x8000000000000000523945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c58fdf0b9aff6f22021-12-21 11:23:12.195root 11241100x8000000000000000523946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5f369964244de2021-12-21 11:23:12.196root 11241100x8000000000000000523947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922990df4081ad8f2021-12-21 11:23:12.196root 11241100x8000000000000000523948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3475dfc5b94e5c2021-12-21 11:23:12.693root 11241100x8000000000000000523949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc044c1a0a6c2a92021-12-21 11:23:12.693root 11241100x8000000000000000523950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bcb4a106e431902021-12-21 11:23:12.693root 11241100x8000000000000000523951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e713aa8ac7600632021-12-21 11:23:12.693root 11241100x8000000000000000523952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353ddd1b1998fa542021-12-21 11:23:12.693root 11241100x8000000000000000523953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658190487a28117b2021-12-21 11:23:12.694root 11241100x8000000000000000523954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090906b39e1211c12021-12-21 11:23:12.694root 11241100x8000000000000000523955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9dfdfeeb16e2a2021-12-21 11:23:12.694root 11241100x8000000000000000523956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e491bcc9eac77aeb2021-12-21 11:23:12.694root 11241100x8000000000000000523957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fb899e5754905e2021-12-21 11:23:12.694root 11241100x8000000000000000523958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b87627ccd80ace2021-12-21 11:23:12.694root 11241100x8000000000000000523959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fa0f408a5f08c42021-12-21 11:23:12.694root 11241100x8000000000000000523960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c909a1a570ddcc2021-12-21 11:23:12.694root 11241100x8000000000000000523961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5695dc5c3284972021-12-21 11:23:12.694root 11241100x8000000000000000523962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3396a3a84908a7be2021-12-21 11:23:12.694root 11241100x8000000000000000523963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48f953308607fb62021-12-21 11:23:12.694root 11241100x8000000000000000523964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007c9c804fc80bb52021-12-21 11:23:12.695root 11241100x8000000000000000523965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01389c3858ab56272021-12-21 11:23:13.193root 11241100x8000000000000000523966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb37580f9e757b12021-12-21 11:23:13.193root 11241100x8000000000000000523967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91330a7548ce6e82021-12-21 11:23:13.193root 11241100x8000000000000000523968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a74c9e4e94a2cf2021-12-21 11:23:13.193root 11241100x8000000000000000523969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6effc1a7651f612021-12-21 11:23:13.193root 11241100x8000000000000000523970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42bbb26b54d3be42021-12-21 11:23:13.194root 11241100x8000000000000000523971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9201df73ffecb4ac2021-12-21 11:23:13.194root 11241100x8000000000000000523972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c99090738edfd112021-12-21 11:23:13.194root 11241100x8000000000000000523973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966c9fc450c2938b2021-12-21 11:23:13.194root 11241100x8000000000000000523974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f376ae9f57b7d2a2021-12-21 11:23:13.194root 11241100x8000000000000000523975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a127992914ee74022021-12-21 11:23:13.194root 11241100x8000000000000000523976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94064a26a1f8c3b2021-12-21 11:23:13.195root 11241100x8000000000000000523977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16251404512438ca2021-12-21 11:23:13.195root 11241100x8000000000000000523978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be6c379ee5f4c1d2021-12-21 11:23:13.195root 11241100x8000000000000000523979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7699fe48f9e3fa5a2021-12-21 11:23:13.195root 11241100x8000000000000000523980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1446787f2468bdea2021-12-21 11:23:13.195root 11241100x8000000000000000523981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04db81a0764b50d2021-12-21 11:23:13.195root 11241100x8000000000000000523982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce20b848300b1e52021-12-21 11:23:13.196root 11241100x8000000000000000523983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6315d583a1cec5032021-12-21 11:23:13.196root 11241100x8000000000000000523984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc0a7b2f842c44a2021-12-21 11:23:13.196root 11241100x8000000000000000523985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1306b9e2b17e77a52021-12-21 11:23:13.693root 11241100x8000000000000000523986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419148db12ea8f3f2021-12-21 11:23:13.693root 11241100x8000000000000000523987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0b9f847745d5892021-12-21 11:23:13.693root 11241100x8000000000000000523988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40db131982ffa0ea2021-12-21 11:23:13.693root 11241100x8000000000000000523989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5f899d0b8187eb2021-12-21 11:23:13.693root 11241100x8000000000000000523990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18471c5abb90fd12021-12-21 11:23:13.693root 11241100x8000000000000000523991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68df829f1a8770902021-12-21 11:23:13.694root 11241100x8000000000000000523992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6015507ad65ac9c2021-12-21 11:23:13.694root 11241100x8000000000000000523993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf00ebd5058c1992021-12-21 11:23:13.694root 11241100x8000000000000000523994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dfbe812d0551f42021-12-21 11:23:13.694root 11241100x8000000000000000523995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cc990c37ec13b12021-12-21 11:23:13.694root 11241100x8000000000000000523996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab25d62901132702021-12-21 11:23:13.694root 11241100x8000000000000000523997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55675f009be5f092021-12-21 11:23:13.694root 11241100x8000000000000000523998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cacd9cb1e40f70b2021-12-21 11:23:13.694root 11241100x8000000000000000523999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20e48978da55f302021-12-21 11:23:13.694root 11241100x8000000000000000524000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5561413bfa14d4552021-12-21 11:23:13.694root 11241100x8000000000000000524001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641c0e4dd7cdcc642021-12-21 11:23:13.694root 11241100x8000000000000000524002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f6ef11d0f0b80d2021-12-21 11:23:14.193root 11241100x8000000000000000524003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9459e66b22e90572021-12-21 11:23:14.193root 11241100x8000000000000000524004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d761f6583df2c802021-12-21 11:23:14.193root 11241100x8000000000000000524005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8f6a3958fd9e202021-12-21 11:23:14.193root 11241100x8000000000000000524006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d119a96fd86c5e2021-12-21 11:23:14.194root 11241100x8000000000000000524007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e500a899d178f642021-12-21 11:23:14.194root 11241100x8000000000000000524008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd155b8e26dc0fdf2021-12-21 11:23:14.194root 11241100x8000000000000000524009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a9079fc996126e2021-12-21 11:23:14.194root 11241100x8000000000000000524010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1936eacedc6e0902021-12-21 11:23:14.194root 11241100x8000000000000000524011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa53b358a24a892021-12-21 11:23:14.194root 11241100x8000000000000000524012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59f3ab400e2b8832021-12-21 11:23:14.194root 11241100x8000000000000000524013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95e862b62780e1b2021-12-21 11:23:14.194root 11241100x8000000000000000524014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43d3c6c6a4ce5f92021-12-21 11:23:14.195root 11241100x8000000000000000524015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ebdbd06fb7b6c12021-12-21 11:23:14.195root 11241100x8000000000000000524016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688c4de92ab000ae2021-12-21 11:23:14.195root 11241100x8000000000000000524017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b834d148060af76c2021-12-21 11:23:14.195root 11241100x8000000000000000524018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98b50e99f37b112021-12-21 11:23:14.195root 11241100x8000000000000000524019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c153bf522710a712021-12-21 11:23:14.693root 11241100x8000000000000000524020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d349937523fd4e9b2021-12-21 11:23:14.693root 11241100x8000000000000000524021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75200a836a24cf442021-12-21 11:23:14.693root 11241100x8000000000000000524022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2887da744d3bbf822021-12-21 11:23:14.693root 11241100x8000000000000000524023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439ec5cbb9d01ac72021-12-21 11:23:14.694root 11241100x8000000000000000524024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c89720c37bf9452021-12-21 11:23:14.694root 11241100x8000000000000000524025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a851a704f1a607382021-12-21 11:23:14.694root 11241100x8000000000000000524026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5ea474a862b9e42021-12-21 11:23:14.694root 11241100x8000000000000000524027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcef662c836e12d2021-12-21 11:23:14.694root 11241100x8000000000000000524028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266f51339326e66b2021-12-21 11:23:14.694root 11241100x8000000000000000524029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4cacbaadcddaff2021-12-21 11:23:14.694root 11241100x8000000000000000524030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa100eb4dd2c3c72021-12-21 11:23:14.694root 11241100x8000000000000000524031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda3c5d6dcfc810b2021-12-21 11:23:14.694root 11241100x8000000000000000524032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ca86d1a2b5f222021-12-21 11:23:14.694root 11241100x8000000000000000524033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665c694ece331e22021-12-21 11:23:14.694root 11241100x8000000000000000524034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ac4a634a592cda2021-12-21 11:23:14.695root 11241100x8000000000000000524035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7da27b9ab1804102021-12-21 11:23:14.695root 354300x8000000000000000524036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.021{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48464-false10.0.1.12-8000- 11241100x8000000000000000524037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bf2bc96f7191ed2021-12-21 11:23:15.021root 11241100x8000000000000000524038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071014c445fa8e812021-12-21 11:23:15.022root 11241100x8000000000000000524039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696313a2b69fb4bc2021-12-21 11:23:15.022root 11241100x8000000000000000524040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c7f8b9f00512e62021-12-21 11:23:15.022root 11241100x8000000000000000524041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2158e7f56c4d862021-12-21 11:23:15.022root 11241100x8000000000000000524042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc1c5903f8b27392021-12-21 11:23:15.022root 11241100x8000000000000000524043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee19bbfc8a2714a52021-12-21 11:23:15.022root 11241100x8000000000000000524044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9ff3100fc701452021-12-21 11:23:15.023root 11241100x8000000000000000524045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a8ba1eb88e553c2021-12-21 11:23:15.023root 11241100x8000000000000000524046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a44d15a69f745c2021-12-21 11:23:15.023root 11241100x8000000000000000524047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e3b6e265559f452021-12-21 11:23:15.023root 11241100x8000000000000000524048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467f08b47ba4831b2021-12-21 11:23:15.023root 11241100x8000000000000000524049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c1fa75e84051392021-12-21 11:23:15.024root 11241100x8000000000000000524050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109f56c7854406912021-12-21 11:23:15.024root 11241100x8000000000000000524051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d12ea355e85a7c92021-12-21 11:23:15.024root 11241100x8000000000000000524052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74482453bc9abb02021-12-21 11:23:15.024root 11241100x8000000000000000524053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438b8c06c3f6fc5a2021-12-21 11:23:15.024root 11241100x8000000000000000524054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd512e48531ef0d2021-12-21 11:23:15.024root 11241100x8000000000000000524055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb898fbc39430ac2021-12-21 11:23:15.025root 11241100x8000000000000000524056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a8cb9aedd321022021-12-21 11:23:15.025root 11241100x8000000000000000524057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c54c96e729a27b2021-12-21 11:23:15.025root 11241100x8000000000000000524058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61ae622550890192021-12-21 11:23:15.025root 11241100x8000000000000000524059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f0a98e1b491f742021-12-21 11:23:15.025root 11241100x8000000000000000524060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8de2e8ef62c4bc42021-12-21 11:23:15.025root 11241100x8000000000000000524061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807c1d230cc5e6d82021-12-21 11:23:15.025root 11241100x8000000000000000524062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb878512ef16aa602021-12-21 11:23:15.443root 11241100x8000000000000000524063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047f857df379542d2021-12-21 11:23:15.443root 11241100x8000000000000000524064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b5614527b0f4f82021-12-21 11:23:15.444root 11241100x8000000000000000524065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccde6ef1608d13282021-12-21 11:23:15.444root 11241100x8000000000000000524066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87cc745f1f625d42021-12-21 11:23:15.444root 11241100x8000000000000000524067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1240518c2b56a6052021-12-21 11:23:15.444root 11241100x8000000000000000524068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d41f59a9b8a947b2021-12-21 11:23:15.444root 11241100x8000000000000000524069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f8b529d1210f082021-12-21 11:23:15.444root 11241100x8000000000000000524070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448acc19494ebef42021-12-21 11:23:15.444root 11241100x8000000000000000524071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb05f456f4819522021-12-21 11:23:15.444root 11241100x8000000000000000524072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27479ecbc6a77aa52021-12-21 11:23:15.444root 11241100x8000000000000000524073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b475d8118bb1452021-12-21 11:23:15.444root 11241100x8000000000000000524074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b010a0712a86900b2021-12-21 11:23:15.445root 11241100x8000000000000000524075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082fe78ea2e43572021-12-21 11:23:15.445root 11241100x8000000000000000524076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e9901eef155c632021-12-21 11:23:15.445root 11241100x8000000000000000524077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ce4819468136072021-12-21 11:23:15.445root 11241100x8000000000000000524078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94c1cbd3e81d6d72021-12-21 11:23:15.445root 11241100x8000000000000000524079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba957a90dd4c60e2021-12-21 11:23:15.445root 11241100x8000000000000000524080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd319d4b0c799ac82021-12-21 11:23:15.942root 11241100x8000000000000000524081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f22f6247ef69242021-12-21 11:23:15.943root 11241100x8000000000000000524082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e712d9288c11bf5a2021-12-21 11:23:15.943root 11241100x8000000000000000524083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ead9612b002cdd72021-12-21 11:23:15.943root 11241100x8000000000000000524084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647d72afa50b6c982021-12-21 11:23:15.943root 11241100x8000000000000000524085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e49c69fe78a46f2021-12-21 11:23:15.943root 11241100x8000000000000000524086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0c7c2c0263343e2021-12-21 11:23:15.943root 11241100x8000000000000000524087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ec396011761c552021-12-21 11:23:15.943root 11241100x8000000000000000524088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652544ff2e543d3e2021-12-21 11:23:15.943root 11241100x8000000000000000524089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19596925e2b9e3182021-12-21 11:23:15.943root 11241100x8000000000000000524090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4deadb1bcccf0d402021-12-21 11:23:15.944root 11241100x8000000000000000524091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ced410ae58950482021-12-21 11:23:15.944root 11241100x8000000000000000524092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432abb1207eeec852021-12-21 11:23:15.944root 11241100x8000000000000000524093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbed1a726f2b99a2021-12-21 11:23:15.944root 11241100x8000000000000000524094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7a482ab0f5f58d2021-12-21 11:23:15.944root 11241100x8000000000000000524095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b110628df52f7a62021-12-21 11:23:15.944root 11241100x8000000000000000524096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2264c54ffc2919ea2021-12-21 11:23:15.944root 11241100x8000000000000000524097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5683b008cf76692a2021-12-21 11:23:15.944root 11241100x8000000000000000524098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa731e0a1197c512021-12-21 11:23:16.443root 11241100x8000000000000000524099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cacc57f1afc17d2021-12-21 11:23:16.443root 11241100x8000000000000000524100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04965f20b9ceb16c2021-12-21 11:23:16.443root 11241100x8000000000000000524101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03317a1c4ea049d52021-12-21 11:23:16.443root 11241100x8000000000000000524102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe17a1ce2ec88b22021-12-21 11:23:16.443root 11241100x8000000000000000524103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd5cc3f885476072021-12-21 11:23:16.443root 11241100x8000000000000000524104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac43b23db7ef5842021-12-21 11:23:16.443root 11241100x8000000000000000524105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6db3c55cc3c7bd2021-12-21 11:23:16.443root 11241100x8000000000000000524106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0dabdc654675372021-12-21 11:23:16.443root 11241100x8000000000000000524107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5f7655b6430b672021-12-21 11:23:16.444root 11241100x8000000000000000524108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b66cf631c168dde2021-12-21 11:23:16.444root 11241100x8000000000000000524109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c193a65952f0c42021-12-21 11:23:16.444root 11241100x8000000000000000524110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815a03677a8132192021-12-21 11:23:16.444root 11241100x8000000000000000524111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170775ba77c551d22021-12-21 11:23:16.444root 11241100x8000000000000000524112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f88d7fc374aa6b2021-12-21 11:23:16.444root 11241100x8000000000000000524113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e632a8b6e41ebc2021-12-21 11:23:16.444root 11241100x8000000000000000524114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a18ce45573e014a2021-12-21 11:23:16.444root 11241100x8000000000000000524115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c08b6da1bef04182021-12-21 11:23:16.444root 11241100x8000000000000000524116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b020df3fc5363b22021-12-21 11:23:16.943root 11241100x8000000000000000524117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21c94d86cba2dd62021-12-21 11:23:16.943root 11241100x8000000000000000524118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3ae8e8a51d98752021-12-21 11:23:16.944root 11241100x8000000000000000524119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8202d9a0cadcb3622021-12-21 11:23:16.944root 11241100x8000000000000000524120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a8c290da72decf2021-12-21 11:23:16.944root 11241100x8000000000000000524121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd9496b9de8ccd72021-12-21 11:23:16.944root 11241100x8000000000000000524122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48b88b07d7b0a582021-12-21 11:23:16.944root 11241100x8000000000000000524123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1f1027a3b971c72021-12-21 11:23:16.944root 11241100x8000000000000000524124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01aeaf2d2389dbb2021-12-21 11:23:16.944root 11241100x8000000000000000524125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59a61c67c4503502021-12-21 11:23:16.944root 11241100x8000000000000000524126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8641a5a0293e22021-12-21 11:23:16.944root 11241100x8000000000000000524127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd203a2fbb823dd22021-12-21 11:23:16.944root 11241100x8000000000000000524128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07b2c4b441e0e882021-12-21 11:23:16.944root 11241100x8000000000000000524129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d737ee7a6c1c2272021-12-21 11:23:16.945root 11241100x8000000000000000524130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6112ba3f9a84cb9b2021-12-21 11:23:16.945root 11241100x8000000000000000524131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e5256266aa2342021-12-21 11:23:16.945root 11241100x8000000000000000524132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d3e1896a3269602021-12-21 11:23:16.945root 11241100x8000000000000000524133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf7014d8d6590b92021-12-21 11:23:16.945root 11241100x8000000000000000524134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ee69d708a337f92021-12-21 11:23:17.443root 11241100x8000000000000000524135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167d5ae1e025c1cb2021-12-21 11:23:17.443root 11241100x8000000000000000524136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e34cd3f8d5b0ee2021-12-21 11:23:17.443root 11241100x8000000000000000524137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37f9032736a411b2021-12-21 11:23:17.444root 11241100x8000000000000000524138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da48635c9db409d2021-12-21 11:23:17.444root 11241100x8000000000000000524139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c01524707f6033a2021-12-21 11:23:17.444root 11241100x8000000000000000524140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1770e58f1a5e12112021-12-21 11:23:17.444root 11241100x8000000000000000524141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4877c8c8d3a433322021-12-21 11:23:17.444root 11241100x8000000000000000524142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc364f7b37cd2d672021-12-21 11:23:17.444root 11241100x8000000000000000524143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30442d0690105612021-12-21 11:23:17.444root 11241100x8000000000000000524144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b54f90b224b4f622021-12-21 11:23:17.444root 11241100x8000000000000000524145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a9dce14f40dac32021-12-21 11:23:17.444root 11241100x8000000000000000524146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cda0f015f19a9642021-12-21 11:23:17.444root 11241100x8000000000000000524147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f2b36295255b1f2021-12-21 11:23:17.444root 11241100x8000000000000000524148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7ecbd103ba14db2021-12-21 11:23:17.444root 11241100x8000000000000000524149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aaa05678ce9be32021-12-21 11:23:17.445root 11241100x8000000000000000524150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13d842080ae04562021-12-21 11:23:17.445root 11241100x8000000000000000524151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc59f99bf6e969782021-12-21 11:23:17.445root 11241100x8000000000000000524152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57197fbcc55a2e942021-12-21 11:23:17.943root 11241100x8000000000000000524153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f46c2c71043524a2021-12-21 11:23:17.943root 11241100x8000000000000000524154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84e01f6fb9f1be2021-12-21 11:23:17.943root 11241100x8000000000000000524155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e82524322259b302021-12-21 11:23:17.943root 11241100x8000000000000000524156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c3682ecfb0edec2021-12-21 11:23:17.943root 11241100x8000000000000000524157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a9809c44ed3c7b2021-12-21 11:23:17.943root 11241100x8000000000000000524158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27734393d1a0be882021-12-21 11:23:17.943root 11241100x8000000000000000524159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4310520ed53b32142021-12-21 11:23:17.943root 11241100x8000000000000000524160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b265984c20a91b32021-12-21 11:23:17.943root 11241100x8000000000000000524161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8959ba3697ef962021-12-21 11:23:17.944root 11241100x8000000000000000524162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b636a4ed6301852021-12-21 11:23:17.944root 11241100x8000000000000000524163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117ae1de28ad90c2021-12-21 11:23:17.944root 11241100x8000000000000000524164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a474cf7c42dfd32021-12-21 11:23:17.944root 11241100x8000000000000000524165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfb481d709c97322021-12-21 11:23:17.944root 11241100x8000000000000000524166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512bf8c37bf468d82021-12-21 11:23:17.944root 11241100x8000000000000000524167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f667830edb3264c02021-12-21 11:23:17.944root 11241100x8000000000000000524168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779a4f3dd9c3c84f2021-12-21 11:23:17.944root 11241100x8000000000000000524169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a0d6e89b9ec8fc2021-12-21 11:23:17.944root 11241100x8000000000000000524170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b56aacd0276aa82021-12-21 11:23:17.944root 11241100x8000000000000000524171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52bb6dd4775d1842021-12-21 11:23:18.443root 11241100x8000000000000000524172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ed447f051f45cc2021-12-21 11:23:18.443root 11241100x8000000000000000524173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40336ccdb2eca9dd2021-12-21 11:23:18.443root 11241100x8000000000000000524174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e16aea78c1a0742021-12-21 11:23:18.443root 11241100x8000000000000000524175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20a359ca4aab05e2021-12-21 11:23:18.444root 11241100x8000000000000000524176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdef3cceb7da1ab2021-12-21 11:23:18.444root 11241100x8000000000000000524177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046cb5aef847dd9f2021-12-21 11:23:18.444root 11241100x8000000000000000524178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d68ff3f8cf841c2021-12-21 11:23:18.444root 11241100x8000000000000000524179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa63db94c3b1c56a2021-12-21 11:23:18.444root 11241100x8000000000000000524180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48126bdef7b30602021-12-21 11:23:18.444root 11241100x8000000000000000524181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af19a729e0a7791e2021-12-21 11:23:18.444root 11241100x8000000000000000524182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ff398c351284a42021-12-21 11:23:18.444root 11241100x8000000000000000524183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf78e8d3c87da0d2021-12-21 11:23:18.444root 11241100x8000000000000000524184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a68551b8269beb2021-12-21 11:23:18.444root 11241100x8000000000000000524185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f20093ecd6fa472021-12-21 11:23:18.444root 11241100x8000000000000000524186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd44d833d45879172021-12-21 11:23:18.444root 11241100x8000000000000000524187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4473efad2724792021-12-21 11:23:18.444root 11241100x8000000000000000524188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d223cbd71ef6aba02021-12-21 11:23:18.444root 11241100x8000000000000000524189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4276dc34c688d5162021-12-21 11:23:18.943root 11241100x8000000000000000524190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a3161f549118a52021-12-21 11:23:18.943root 11241100x8000000000000000524191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc953e4b8b464a2021-12-21 11:23:18.943root 11241100x8000000000000000524192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4d788222f9a4182021-12-21 11:23:18.943root 11241100x8000000000000000524193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95e97ca1198b7612021-12-21 11:23:18.944root 11241100x8000000000000000524194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ef06a0270f402c2021-12-21 11:23:18.944root 11241100x8000000000000000524195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0351721fbc0f665d2021-12-21 11:23:18.944root 11241100x8000000000000000524196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a033cfe1800628b2021-12-21 11:23:18.944root 11241100x8000000000000000524197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5dd7e4f62d78562021-12-21 11:23:18.944root 11241100x8000000000000000524198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7289c2d7b11e64642021-12-21 11:23:18.944root 11241100x8000000000000000524199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b406ffd3e699142021-12-21 11:23:18.944root 11241100x8000000000000000524200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea812e90fdcd4022021-12-21 11:23:18.944root 11241100x8000000000000000524201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cd00d558faece52021-12-21 11:23:18.944root 11241100x8000000000000000524202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8e5b9917f5f0cd2021-12-21 11:23:18.944root 11241100x8000000000000000524203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f5d51c42ce37b2021-12-21 11:23:18.945root 11241100x8000000000000000524204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdc2218247c22ae2021-12-21 11:23:18.945root 11241100x8000000000000000524205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cd4097c4707e992021-12-21 11:23:18.945root 11241100x8000000000000000524206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89afa296b5bd43b82021-12-21 11:23:18.945root 11241100x8000000000000000524207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b76bb43ee10f272021-12-21 11:23:19.443root 11241100x8000000000000000524208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086138bb934d0432021-12-21 11:23:19.443root 11241100x8000000000000000524209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be88638d4abd6012021-12-21 11:23:19.443root 11241100x8000000000000000524210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cb603e0c0bc56f2021-12-21 11:23:19.443root 11241100x8000000000000000524211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c145fdcf2f838b62021-12-21 11:23:19.443root 11241100x8000000000000000524212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62448b6923b0a592021-12-21 11:23:19.443root 11241100x8000000000000000524213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b595fe0802b46e652021-12-21 11:23:19.443root 11241100x8000000000000000524214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31dcf4c1e9fb9ea2021-12-21 11:23:19.444root 11241100x8000000000000000524215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a6c0bc2c13832c2021-12-21 11:23:19.444root 11241100x8000000000000000524216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa6debd325d8222021-12-21 11:23:19.444root 11241100x8000000000000000524217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378b5c1e49d882be2021-12-21 11:23:19.444root 11241100x8000000000000000524218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f045b124899a0a642021-12-21 11:23:19.444root 11241100x8000000000000000524219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5581a0236f4cccd2021-12-21 11:23:19.444root 11241100x8000000000000000524220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2ade03d40c02012021-12-21 11:23:19.444root 11241100x8000000000000000524221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42fca76b8e454b12021-12-21 11:23:19.444root 11241100x8000000000000000524222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b87eb765cba933b2021-12-21 11:23:19.444root 11241100x8000000000000000524223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699b4a6910072192021-12-21 11:23:19.444root 11241100x8000000000000000524224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ad5cf4dac0f01a2021-12-21 11:23:19.444root 11241100x8000000000000000524225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69621ce0a7eb6bb2021-12-21 11:23:19.444root 11241100x8000000000000000524226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc57dba3c30fae142021-12-21 11:23:19.444root 11241100x8000000000000000524227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fa3c5573dcf7822021-12-21 11:23:19.943root 11241100x8000000000000000524228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aed0175478c1252021-12-21 11:23:19.943root 11241100x8000000000000000524229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b7004f9bbf90142021-12-21 11:23:19.943root 11241100x8000000000000000524230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36267ad58a0f025d2021-12-21 11:23:19.943root 11241100x8000000000000000524231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0420e6cc59c74e22021-12-21 11:23:19.943root 11241100x8000000000000000524232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d84b6ea4a6c7082021-12-21 11:23:19.943root 11241100x8000000000000000524233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7666defdb5ed9b2021-12-21 11:23:19.944root 11241100x8000000000000000524234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c416125586388e2021-12-21 11:23:19.944root 11241100x8000000000000000524235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb41a1c78724a852021-12-21 11:23:19.944root 11241100x8000000000000000524236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78d0ec3e5859fa02021-12-21 11:23:19.944root 11241100x8000000000000000524237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df125ca9d8e90502021-12-21 11:23:19.944root 11241100x8000000000000000524238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f17b48975a859b2021-12-21 11:23:19.944root 11241100x8000000000000000524239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d165a9d682bee7c2021-12-21 11:23:19.944root 11241100x8000000000000000524240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47b9dc5e83e56872021-12-21 11:23:19.944root 11241100x8000000000000000524241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b4af8ca0614e1f2021-12-21 11:23:19.944root 11241100x8000000000000000524242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b1e09fe0dfac2f2021-12-21 11:23:19.944root 11241100x8000000000000000524243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ac3d47e30a15e82021-12-21 11:23:19.945root 11241100x8000000000000000524244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eb2898263e8b6a2021-12-21 11:23:19.945root 11241100x8000000000000000524245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619525018deef0c22021-12-21 11:23:19.945root 11241100x8000000000000000524246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84d4f7e11dd15f2021-12-21 11:23:19.945root 11241100x8000000000000000524247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a10c1f1a8f28d82021-12-21 11:23:19.945root 11241100x8000000000000000524248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4c3dc367fa13e52021-12-21 11:23:19.945root 11241100x8000000000000000524249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572013ee2b6000182021-12-21 11:23:19.946root 11241100x8000000000000000524250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a31ef0166b8f532021-12-21 11:23:19.946root 11241100x8000000000000000524251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cfbac3b504d2cb2021-12-21 11:23:20.443root 11241100x8000000000000000524252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5127be4d0222c62021-12-21 11:23:20.444root 11241100x8000000000000000524253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e754348aa0cb786e2021-12-21 11:23:20.444root 11241100x8000000000000000524254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c917d56489f01d2021-12-21 11:23:20.445root 11241100x8000000000000000524255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d6fbb39dc0f65f2021-12-21 11:23:20.445root 11241100x8000000000000000524256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8744bacc4262d82021-12-21 11:23:20.445root 11241100x8000000000000000524257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45a083553ea8a982021-12-21 11:23:20.445root 11241100x8000000000000000524258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2824ca61de8b9e2021-12-21 11:23:20.445root 11241100x8000000000000000524259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8b40171ff44bf62021-12-21 11:23:20.445root 11241100x8000000000000000524260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bc8f848620551d2021-12-21 11:23:20.446root 11241100x8000000000000000524261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a954787185db26ed2021-12-21 11:23:20.446root 11241100x8000000000000000524262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d48ca1dfd374982021-12-21 11:23:20.446root 11241100x8000000000000000524263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0f54b1526b238b2021-12-21 11:23:20.446root 11241100x8000000000000000524264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9c7b0b560e2fb22021-12-21 11:23:20.446root 11241100x8000000000000000524265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638876c417f776702021-12-21 11:23:20.446root 11241100x8000000000000000524266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39299d25a48b7ce2021-12-21 11:23:20.446root 11241100x8000000000000000524267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc3a9c6087e5172021-12-21 11:23:20.446root 11241100x8000000000000000524268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9a380ff652a352021-12-21 11:23:20.446root 11241100x8000000000000000524269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89de659ccd5bb69c2021-12-21 11:23:20.942root 11241100x8000000000000000524270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1c3de844dea4162021-12-21 11:23:20.943root 11241100x8000000000000000524271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2b6ac109945bd72021-12-21 11:23:20.943root 11241100x8000000000000000524272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091843a78b169e5e2021-12-21 11:23:20.943root 11241100x8000000000000000524273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a1358d91d60cd12021-12-21 11:23:20.943root 11241100x8000000000000000524274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e045bc9b2300512021-12-21 11:23:20.943root 11241100x8000000000000000524275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8185c458b30fa12021-12-21 11:23:20.943root 11241100x8000000000000000524276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efac1ab2e5c940442021-12-21 11:23:20.943root 11241100x8000000000000000524277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27b2fa7618c58912021-12-21 11:23:20.943root 11241100x8000000000000000524278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc89e4fbd05c06f12021-12-21 11:23:20.943root 11241100x8000000000000000524279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c61a3d8301616a52021-12-21 11:23:20.944root 11241100x8000000000000000524280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6622b8ca07630a132021-12-21 11:23:20.944root 11241100x8000000000000000524281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6676fbc96b164c242021-12-21 11:23:20.944root 11241100x8000000000000000524282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afff02aa3ba491b2021-12-21 11:23:20.944root 11241100x8000000000000000524283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942401eb59fde7af2021-12-21 11:23:20.944root 11241100x8000000000000000524284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b9d2d61f577b6e2021-12-21 11:23:20.944root 11241100x8000000000000000524285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257065355ab0bd5f2021-12-21 11:23:20.944root 11241100x8000000000000000524286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe194e0b874920a72021-12-21 11:23:20.944root 11241100x8000000000000000524287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec917538d32d05092021-12-21 11:23:20.945root 11241100x8000000000000000524288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32821be7c1ed2ca62021-12-21 11:23:20.945root 11241100x8000000000000000524289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38652bf101f05bd62021-12-21 11:23:20.945root 11241100x8000000000000000524290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a77ec4cc8f7f6a62021-12-21 11:23:20.945root 11241100x8000000000000000524291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a0fd98c2fd0a542021-12-21 11:23:20.945root 354300x8000000000000000524292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.018{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48466-false10.0.1.12-8000- 11241100x8000000000000000524293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c6680fb7cbb2ba2021-12-21 11:23:21.443root 11241100x8000000000000000524294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e467cc2597d44a1e2021-12-21 11:23:21.443root 11241100x8000000000000000524295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c840f2ed4a09ed12021-12-21 11:23:21.443root 11241100x8000000000000000524296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84633d8849ae2982021-12-21 11:23:21.443root 11241100x8000000000000000524297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca6a37b293f1de22021-12-21 11:23:21.443root 11241100x8000000000000000524298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b234c6777196a56c2021-12-21 11:23:21.443root 11241100x8000000000000000524299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b401615110d1752021-12-21 11:23:21.444root 11241100x8000000000000000524300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822e74009ab738d52021-12-21 11:23:21.444root 11241100x8000000000000000524301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e9a37d5c3859d2021-12-21 11:23:21.444root 11241100x8000000000000000524302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4875558984d9dbac2021-12-21 11:23:21.444root 11241100x8000000000000000524303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d51f09ee9272672021-12-21 11:23:21.444root 11241100x8000000000000000524304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b4f03fb435baa32021-12-21 11:23:21.444root 11241100x8000000000000000524305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883b3336e2dd204e2021-12-21 11:23:21.444root 11241100x8000000000000000524306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4f0cf3a4863faf2021-12-21 11:23:21.444root 11241100x8000000000000000524307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa5877e9d688ca32021-12-21 11:23:21.444root 11241100x8000000000000000524308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0772dd3a4ad2a25f2021-12-21 11:23:21.444root 11241100x8000000000000000524309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e7bee37ffbcdb32021-12-21 11:23:21.445root 11241100x8000000000000000524310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017090f23c70b9182021-12-21 11:23:21.445root 11241100x8000000000000000524311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1842b9abb962dd912021-12-21 11:23:21.445root 11241100x8000000000000000524312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d85af6b9cf51cd2021-12-21 11:23:21.445root 11241100x8000000000000000524313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc25aa3d08fa046c2021-12-21 11:23:21.445root 11241100x8000000000000000524314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9610cfb8405291652021-12-21 11:23:21.943root 11241100x8000000000000000524315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6cc70beae15bf42021-12-21 11:23:21.943root 11241100x8000000000000000524316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7536aac519e608ed2021-12-21 11:23:21.944root 11241100x8000000000000000524317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2f57649ca1e8b32021-12-21 11:23:21.944root 11241100x8000000000000000524318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90d517cb6985f5e2021-12-21 11:23:21.944root 11241100x8000000000000000524319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bade53792ce8de42021-12-21 11:23:21.944root 11241100x8000000000000000524320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078b5164c7a459992021-12-21 11:23:21.944root 11241100x8000000000000000524321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949949da0ceb0de32021-12-21 11:23:21.945root 11241100x8000000000000000524322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8fd879cfb9b4ed2021-12-21 11:23:21.945root 11241100x8000000000000000524323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993a4ceaec74f7b42021-12-21 11:23:21.945root 11241100x8000000000000000524324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4557b29dea8cc22021-12-21 11:23:21.945root 11241100x8000000000000000524325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b803cdcf0756fd4a2021-12-21 11:23:21.945root 11241100x8000000000000000524326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60579edf0d118282021-12-21 11:23:21.945root 11241100x8000000000000000524327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2557a6e859fb715d2021-12-21 11:23:21.945root 11241100x8000000000000000524328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16384e28887f492c2021-12-21 11:23:21.945root 11241100x8000000000000000524329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2628baf594d03bb12021-12-21 11:23:21.945root 11241100x8000000000000000524330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed0a00d6012d422021-12-21 11:23:21.945root 11241100x8000000000000000524331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e8d235cd569512021-12-21 11:23:21.946root 11241100x8000000000000000524332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45483fb91ef8a7492021-12-21 11:23:21.946root 11241100x8000000000000000524333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16997e709fe5ff612021-12-21 11:23:22.443root 11241100x8000000000000000524334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78512f1877d476582021-12-21 11:23:22.443root 11241100x8000000000000000524335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df139af2975031b2021-12-21 11:23:22.443root 11241100x8000000000000000524336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcae10607a0327a2021-12-21 11:23:22.444root 11241100x8000000000000000524337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0add9e34c886b702021-12-21 11:23:22.444root 11241100x8000000000000000524338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f63c4bf67ab850f2021-12-21 11:23:22.444root 11241100x8000000000000000524339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c11ae8df42e9352021-12-21 11:23:22.444root 11241100x8000000000000000524340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60760eefd5ed9d1c2021-12-21 11:23:22.444root 11241100x8000000000000000524341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53acb8baf0af9c342021-12-21 11:23:22.444root 11241100x8000000000000000524342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a34942578f9332021-12-21 11:23:22.444root 11241100x8000000000000000524343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c1ae14a962d05e2021-12-21 11:23:22.444root 11241100x8000000000000000524344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a309a1fac08f6e452021-12-21 11:23:22.444root 11241100x8000000000000000524345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f2891d79fc79e42021-12-21 11:23:22.444root 11241100x8000000000000000524346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb54ef98e58fccb2021-12-21 11:23:22.444root 11241100x8000000000000000524347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a470b6b8e465262021-12-21 11:23:22.445root 11241100x8000000000000000524348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e89cf1544c2e68c2021-12-21 11:23:22.445root 11241100x8000000000000000524349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e787955a3129e82021-12-21 11:23:22.445root 11241100x8000000000000000524350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5289179c3c9be7b2021-12-21 11:23:22.445root 11241100x8000000000000000524351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef2a27d66e3dc192021-12-21 11:23:22.445root 11241100x8000000000000000524352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1776c1f872297a62021-12-21 11:23:22.943root 11241100x8000000000000000524353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0adb5dbb114be2021-12-21 11:23:22.943root 11241100x8000000000000000524354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b946a1b8045bc89f2021-12-21 11:23:22.943root 11241100x8000000000000000524355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed7c056143dfb122021-12-21 11:23:22.943root 11241100x8000000000000000524356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c615799b01ec8552021-12-21 11:23:22.943root 11241100x8000000000000000524357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0778c36ed26dc052021-12-21 11:23:22.944root 11241100x8000000000000000524358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef35e588ce9b832021-12-21 11:23:22.944root 11241100x8000000000000000524359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8114caaef6ece4112021-12-21 11:23:22.944root 11241100x8000000000000000524360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49009a1ac003106d2021-12-21 11:23:22.944root 11241100x8000000000000000524361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa85dfd429160a22021-12-21 11:23:22.944root 11241100x8000000000000000524362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf58c59d40a36dea2021-12-21 11:23:22.944root 11241100x8000000000000000524363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df85d59de917959e2021-12-21 11:23:22.945root 11241100x8000000000000000524364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ae64828d6549b32021-12-21 11:23:22.945root 11241100x8000000000000000524365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ea573ac212e6cd2021-12-21 11:23:22.945root 11241100x8000000000000000524366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9180b6086ec68daf2021-12-21 11:23:22.945root 11241100x8000000000000000524367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf876babf85dac172021-12-21 11:23:22.945root 11241100x8000000000000000524368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc37cbc4e74b41a22021-12-21 11:23:22.945root 11241100x8000000000000000524369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8b2e7008e7ddc62021-12-21 11:23:22.945root 11241100x8000000000000000524370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7639db25a985132021-12-21 11:23:22.945root 11241100x8000000000000000524371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be7c02e39c03e932021-12-21 11:23:22.945root 11241100x8000000000000000524372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd5538a6f686f012021-12-21 11:23:22.945root 11241100x8000000000000000524373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d0ff8fdea95e2b2021-12-21 11:23:23.443root 11241100x8000000000000000524374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03ee0953588b9242021-12-21 11:23:23.443root 11241100x8000000000000000524375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e908f1a38f57f2a72021-12-21 11:23:23.443root 11241100x8000000000000000524376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fb30f3fb0ad2262021-12-21 11:23:23.443root 11241100x8000000000000000524377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bf1e2af18b059d2021-12-21 11:23:23.444root 11241100x8000000000000000524378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f2b931bd1e782a2021-12-21 11:23:23.444root 11241100x8000000000000000524379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506e601f007c56912021-12-21 11:23:23.444root 11241100x8000000000000000524380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f24fc505af97f02021-12-21 11:23:23.444root 11241100x8000000000000000524381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f3ff170eab0762021-12-21 11:23:23.444root 11241100x8000000000000000524382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50640e03b349b2482021-12-21 11:23:23.444root 11241100x8000000000000000524383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de4af00a8821b3f2021-12-21 11:23:23.444root 11241100x8000000000000000524384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048eaff100e0c81b2021-12-21 11:23:23.444root 11241100x8000000000000000524385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a780c62d2c242c32021-12-21 11:23:23.444root 11241100x8000000000000000524386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25516301be5fea192021-12-21 11:23:23.444root 11241100x8000000000000000524387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7276c67fcdeed72021-12-21 11:23:23.444root 11241100x8000000000000000524388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b88fe611ca33f12021-12-21 11:23:23.444root 11241100x8000000000000000524389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c46dcd0afd19432021-12-21 11:23:23.444root 11241100x8000000000000000524390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f2491d0406bccc2021-12-21 11:23:23.444root 11241100x8000000000000000524391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab65845b23663102021-12-21 11:23:23.445root 11241100x8000000000000000524392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d286f06cbd90c9a2021-12-21 11:23:23.943root 11241100x8000000000000000524393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1200076573f4517f2021-12-21 11:23:23.943root 11241100x8000000000000000524394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb33616b2c23ed2021-12-21 11:23:23.943root 11241100x8000000000000000524395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be5b90806442d3a2021-12-21 11:23:23.943root 11241100x8000000000000000524396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8aba8939976042021-12-21 11:23:23.943root 11241100x8000000000000000524397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f3196fda131522021-12-21 11:23:23.943root 11241100x8000000000000000524398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447473774de1148a2021-12-21 11:23:23.944root 11241100x8000000000000000524399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f07ecb424fca9d2021-12-21 11:23:23.944root 11241100x8000000000000000524400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de1fc63b9fc7b312021-12-21 11:23:23.944root 11241100x8000000000000000524401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba0ac5cab524a0b2021-12-21 11:23:23.944root 11241100x8000000000000000524402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2051c41a58f3312021-12-21 11:23:23.944root 11241100x8000000000000000524403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdc792f25f819c72021-12-21 11:23:23.944root 11241100x8000000000000000524404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9966be9cde999c2021-12-21 11:23:23.945root 11241100x8000000000000000524405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b7ad9f00f6c1022021-12-21 11:23:23.945root 11241100x8000000000000000524406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a2a97601ac6982021-12-21 11:23:23.945root 11241100x8000000000000000524407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb147709c86d2382021-12-21 11:23:23.945root 11241100x8000000000000000524408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fbfd7ea6bcbad22021-12-21 11:23:23.945root 11241100x8000000000000000524409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a11e946b598f93b2021-12-21 11:23:23.945root 11241100x8000000000000000524410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e58d3fcbbf8ac312021-12-21 11:23:23.945root 11241100x8000000000000000524411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfff2f6c6d829912021-12-21 11:23:23.945root 11241100x8000000000000000524412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474f66150ba2457e2021-12-21 11:23:24.443root 11241100x8000000000000000524413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5d3eaecdbcda412021-12-21 11:23:24.443root 11241100x8000000000000000524414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b78e3eed65bdc92021-12-21 11:23:24.443root 11241100x8000000000000000524415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7582a6cdeab7a52021-12-21 11:23:24.444root 11241100x8000000000000000524416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e358b110e472052021-12-21 11:23:24.444root 11241100x8000000000000000524417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c795b7e4afdf22852021-12-21 11:23:24.444root 11241100x8000000000000000524418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdf609997fe97632021-12-21 11:23:24.444root 11241100x8000000000000000524419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a0a945b5936e1d2021-12-21 11:23:24.444root 11241100x8000000000000000524420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34481d01c8fc19d02021-12-21 11:23:24.444root 11241100x8000000000000000524421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13201b410ca176872021-12-21 11:23:24.444root 11241100x8000000000000000524422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a5a2512caf53732021-12-21 11:23:24.444root 11241100x8000000000000000524423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190503da64a360a52021-12-21 11:23:24.444root 11241100x8000000000000000524424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd826bfa6a2a1fa2021-12-21 11:23:24.444root 11241100x8000000000000000524425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670b90eaef2b0f962021-12-21 11:23:24.444root 11241100x8000000000000000524426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa36cd7a393a4c8c2021-12-21 11:23:24.445root 11241100x8000000000000000524427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1306b30f595e692021-12-21 11:23:24.445root 11241100x8000000000000000524428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce87091b92b79752021-12-21 11:23:24.445root 11241100x8000000000000000524429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79caec2580270fd72021-12-21 11:23:24.445root 11241100x8000000000000000524430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7af00fed1e377622021-12-21 11:23:24.445root 11241100x8000000000000000524431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f0a5779dc92b9f2021-12-21 11:23:24.943root 11241100x8000000000000000524432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbec92b122433a4c2021-12-21 11:23:24.943root 11241100x8000000000000000524433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a78dfacfdda31852021-12-21 11:23:24.943root 11241100x8000000000000000524434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f25b026f51784e2021-12-21 11:23:24.943root 11241100x8000000000000000524435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33058c9163efb5ab2021-12-21 11:23:24.943root 11241100x8000000000000000524436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3027ea5c5aae318c2021-12-21 11:23:24.944root 11241100x8000000000000000524437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495278eb9249b3f42021-12-21 11:23:24.944root 11241100x8000000000000000524438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469085e053796f852021-12-21 11:23:24.944root 11241100x8000000000000000524439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9507a882136691cb2021-12-21 11:23:24.944root 11241100x8000000000000000524440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b93bb344377c4bf2021-12-21 11:23:24.944root 11241100x8000000000000000524441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f364352ea5d29562021-12-21 11:23:24.944root 11241100x8000000000000000524442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df093335564af24f2021-12-21 11:23:24.944root 11241100x8000000000000000524443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c893a8f1155618a12021-12-21 11:23:24.944root 11241100x8000000000000000524444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a5e21aa239630e2021-12-21 11:23:24.944root 11241100x8000000000000000524445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e6629e158ef1862021-12-21 11:23:24.945root 11241100x8000000000000000524446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f7b564f43be1e52021-12-21 11:23:24.945root 11241100x8000000000000000524447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242b52a40a7703412021-12-21 11:23:24.945root 11241100x8000000000000000524448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d17b86b64616a52021-12-21 11:23:24.945root 11241100x8000000000000000524449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955990f738de5b072021-12-21 11:23:24.945root 354300x8000000000000000524450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.437{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35532-false10.0.1.12-8089- 11241100x8000000000000000524451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.437{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1d63430e88b922021-12-21 11:23:25.437root 11241100x8000000000000000524452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27bfdb007e7df32021-12-21 11:23:25.438root 11241100x8000000000000000524453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec66c7123e8f9ea32021-12-21 11:23:25.438root 11241100x8000000000000000524454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7332da52d4b0a4ed2021-12-21 11:23:25.438root 11241100x8000000000000000524455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eac9d88580a0a22021-12-21 11:23:25.438root 11241100x8000000000000000524456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1593168403754aa12021-12-21 11:23:25.438root 11241100x8000000000000000524457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.438{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8056790592fde0962021-12-21 11:23:25.438root 11241100x8000000000000000524458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d454a306bb5921022021-12-21 11:23:25.439root 11241100x8000000000000000524459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3378e69b370cd6b12021-12-21 11:23:25.439root 11241100x8000000000000000524460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101fcfc5c5343ab02021-12-21 11:23:25.439root 11241100x8000000000000000524461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac5fb4d075a2ce2021-12-21 11:23:25.439root 11241100x8000000000000000524462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197609b3283c74112021-12-21 11:23:25.439root 11241100x8000000000000000524463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.439{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6d1fe987b79f222021-12-21 11:23:25.439root 11241100x8000000000000000524464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8842eb197a30e7962021-12-21 11:23:25.440root 11241100x8000000000000000524465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0813e057a565ab2021-12-21 11:23:25.440root 11241100x8000000000000000524466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb66ec858caf64362021-12-21 11:23:25.440root 11241100x8000000000000000524467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326d7ba5ecc46ba32021-12-21 11:23:25.440root 11241100x8000000000000000524468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3c4b7d2856136d2021-12-21 11:23:25.440root 11241100x8000000000000000524469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.440{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b2f7fcdda59cf2021-12-21 11:23:25.440root 11241100x8000000000000000524470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a243de43a783dc2021-12-21 11:23:25.441root 11241100x8000000000000000524471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3fb60c342547fa2021-12-21 11:23:25.441root 11241100x8000000000000000524472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf506378df8fb272021-12-21 11:23:25.441root 11241100x8000000000000000524473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.441{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad8a9cf95a153142021-12-21 11:23:25.441root 11241100x8000000000000000524474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e2e5e07e20f7362021-12-21 11:23:25.693root 11241100x8000000000000000524475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e325b9e95b973a2021-12-21 11:23:25.693root 11241100x8000000000000000524476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e807378ca300692021-12-21 11:23:25.694root 11241100x8000000000000000524477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fb2ae39189e1612021-12-21 11:23:25.694root 11241100x8000000000000000524478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197d3019cb172e272021-12-21 11:23:25.694root 11241100x8000000000000000524479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50279971e27e897e2021-12-21 11:23:25.694root 11241100x8000000000000000524480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48292b209e74275d2021-12-21 11:23:25.694root 11241100x8000000000000000524481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec09ff628937cc682021-12-21 11:23:25.694root 11241100x8000000000000000524482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9009aa994d36b5fb2021-12-21 11:23:25.694root 11241100x8000000000000000524483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb923d6704cb13832021-12-21 11:23:25.695root 11241100x8000000000000000524484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a79751921c74ac2021-12-21 11:23:25.695root 11241100x8000000000000000524485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d82b22f83777282021-12-21 11:23:25.695root 11241100x8000000000000000524486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2c579d5190674f2021-12-21 11:23:25.695root 11241100x8000000000000000524487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da615b5bead0c8f32021-12-21 11:23:25.695root 11241100x8000000000000000524488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2243a556a212d0742021-12-21 11:23:25.695root 11241100x8000000000000000524489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b2ca86d4000a8b2021-12-21 11:23:25.695root 11241100x8000000000000000524490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b048164234ef38c42021-12-21 11:23:25.695root 11241100x8000000000000000524491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755b2859f51f08fb2021-12-21 11:23:25.695root 11241100x8000000000000000524492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f93f2f78dcc88a2021-12-21 11:23:25.695root 11241100x8000000000000000524493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e7c306a7a188332021-12-21 11:23:25.695root 11241100x8000000000000000524494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d0cf77b4f4b5ef2021-12-21 11:23:26.193root 11241100x8000000000000000524495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83849c4f314294e2021-12-21 11:23:26.193root 11241100x8000000000000000524496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9236c8c5890992602021-12-21 11:23:26.193root 11241100x8000000000000000524497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62190f04d8ac44a02021-12-21 11:23:26.194root 11241100x8000000000000000524498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7307983baec84412021-12-21 11:23:26.194root 11241100x8000000000000000524499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923cb05683a698722021-12-21 11:23:26.194root 11241100x8000000000000000524500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d3f98f67a8e50f2021-12-21 11:23:26.194root 11241100x8000000000000000524501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2d27e607a9097a2021-12-21 11:23:26.194root 11241100x8000000000000000524502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a20ce4638b19df2021-12-21 11:23:26.194root 11241100x8000000000000000524503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653c7e80522a7ea02021-12-21 11:23:26.194root 11241100x8000000000000000524504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14938e992bf6d61c2021-12-21 11:23:26.194root 11241100x8000000000000000524505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0abfc2e3d97d0db2021-12-21 11:23:26.194root 11241100x8000000000000000524506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4866e1be08c05b2f2021-12-21 11:23:26.194root 11241100x8000000000000000524507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc4b43ad521b0c42021-12-21 11:23:26.194root 11241100x8000000000000000524508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080415041945fd322021-12-21 11:23:26.195root 11241100x8000000000000000524509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c8485c95cae7312021-12-21 11:23:26.195root 11241100x8000000000000000524510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cbf2e18ec811fb2021-12-21 11:23:26.195root 11241100x8000000000000000524511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65c82c588400cad2021-12-21 11:23:26.195root 11241100x8000000000000000524512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69e9d3d24f9f812021-12-21 11:23:26.195root 11241100x8000000000000000524513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e32c5a99af19bc2021-12-21 11:23:26.195root 11241100x8000000000000000524514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b175f4cbaa200b202021-12-21 11:23:26.693root 11241100x8000000000000000524515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb7de5ecdee3e32021-12-21 11:23:26.693root 11241100x8000000000000000524516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b38893042a2e82021-12-21 11:23:26.693root 11241100x8000000000000000524517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2646856bf3d2f9502021-12-21 11:23:26.694root 11241100x8000000000000000524518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c80a3d221c16592021-12-21 11:23:26.694root 11241100x8000000000000000524519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0040703560ca67242021-12-21 11:23:26.694root 11241100x8000000000000000524520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7718e64b964fc6072021-12-21 11:23:26.694root 11241100x8000000000000000524521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2cd2ac452921ed2021-12-21 11:23:26.694root 11241100x8000000000000000524522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c6a93ea36325b22021-12-21 11:23:26.694root 11241100x8000000000000000524523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46f5bd3628494202021-12-21 11:23:26.694root 11241100x8000000000000000524524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a19e6d0f28268ac2021-12-21 11:23:26.694root 11241100x8000000000000000524525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d3e579a626048f2021-12-21 11:23:26.695root 11241100x8000000000000000524526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44f2b262f5328f32021-12-21 11:23:26.695root 11241100x8000000000000000524527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c87b877d8c42d2021-12-21 11:23:26.695root 11241100x8000000000000000524528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d3f8922cb9a6dd2021-12-21 11:23:26.695root 11241100x8000000000000000524529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0281f6566f334572021-12-21 11:23:26.695root 11241100x8000000000000000524530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c17a75701093b22021-12-21 11:23:26.695root 11241100x8000000000000000524531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792072a2610ef10f2021-12-21 11:23:26.696root 11241100x8000000000000000524532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d66cf262411fe712021-12-21 11:23:26.696root 11241100x8000000000000000524533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a58040754d2bb02021-12-21 11:23:26.696root 354300x8000000000000000524534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.016{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48470-false10.0.1.12-8000- 11241100x8000000000000000524535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa75db97431883ac2021-12-21 11:23:27.016root 11241100x8000000000000000524536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fba6d656de641f52021-12-21 11:23:27.016root 11241100x8000000000000000524537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29730e462582d1ef2021-12-21 11:23:27.017root 11241100x8000000000000000524538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b3a5d79e3464d82021-12-21 11:23:27.017root 11241100x8000000000000000524539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fd9f78e4b66d392021-12-21 11:23:27.017root 11241100x8000000000000000524540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e280ba44d82542021-12-21 11:23:27.017root 11241100x8000000000000000524541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b86394c572359672021-12-21 11:23:27.017root 11241100x8000000000000000524542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d96703235d0df812021-12-21 11:23:27.017root 11241100x8000000000000000524543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3c01f5d49e9e7a2021-12-21 11:23:27.017root 11241100x8000000000000000524544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6044e1afceb61f012021-12-21 11:23:27.018root 11241100x8000000000000000524545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d33849a1248ae722021-12-21 11:23:27.018root 11241100x8000000000000000524546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5fb2add60637872021-12-21 11:23:27.018root 11241100x8000000000000000524547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc4a306c623ab812021-12-21 11:23:27.018root 11241100x8000000000000000524548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c82b8e7188da942021-12-21 11:23:27.018root 11241100x8000000000000000524549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794279f9d8ea62682021-12-21 11:23:27.018root 11241100x8000000000000000524550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43f454e57143d772021-12-21 11:23:27.019root 11241100x8000000000000000524551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c792d37e0418b49c2021-12-21 11:23:27.019root 11241100x8000000000000000524552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cdc62805183c102021-12-21 11:23:27.019root 11241100x8000000000000000524553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff32397b585c14d2021-12-21 11:23:27.019root 11241100x8000000000000000524554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b372d5a9f91c7c2021-12-21 11:23:27.020root 11241100x8000000000000000524555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37de4eea6f3b4fec2021-12-21 11:23:27.020root 11241100x8000000000000000524556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b53a6403b3018e2021-12-21 11:23:27.020root 11241100x8000000000000000524557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec09c7fcea9e2612021-12-21 11:23:27.020root 11241100x8000000000000000524558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cf83a1a1ad4e7b2021-12-21 11:23:27.020root 11241100x8000000000000000524559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ab375eaf0c85f2021-12-21 11:23:27.020root 11241100x8000000000000000524560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554609817a9be312021-12-21 11:23:27.021root 11241100x8000000000000000524561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6f315cc16f10512021-12-21 11:23:27.021root 11241100x8000000000000000524562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51026870d0efbd892021-12-21 11:23:27.021root 11241100x8000000000000000524563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1227fc4ee03a1eb2021-12-21 11:23:27.021root 11241100x8000000000000000524564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6132682b0b17f79b2021-12-21 11:23:27.443root 11241100x8000000000000000524565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1848096948bcf3ed2021-12-21 11:23:27.443root 11241100x8000000000000000524566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae7e49a7e7080c82021-12-21 11:23:27.443root 11241100x8000000000000000524567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed42165e5fc08282021-12-21 11:23:27.444root 11241100x8000000000000000524568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acefcc8848bcdc892021-12-21 11:23:27.444root 11241100x8000000000000000524569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89880f3f347f5c22021-12-21 11:23:27.444root 11241100x8000000000000000524570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a730c8ab90818ca72021-12-21 11:23:27.444root 11241100x8000000000000000524571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7429b450568c0972021-12-21 11:23:27.444root 11241100x8000000000000000524572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83013a3dd10ba5e2021-12-21 11:23:27.444root 11241100x8000000000000000524573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8301d132658fb8682021-12-21 11:23:27.444root 11241100x8000000000000000524574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba51b56858e4484b2021-12-21 11:23:27.444root 11241100x8000000000000000524575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cbeac14533e6582021-12-21 11:23:27.444root 11241100x8000000000000000524576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749b5cba45d6c7d22021-12-21 11:23:27.444root 11241100x8000000000000000524577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d0ac8b0214b0212021-12-21 11:23:27.445root 11241100x8000000000000000524578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285e796abc69c2e32021-12-21 11:23:27.445root 11241100x8000000000000000524579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162e6c5b98e7a1c2021-12-21 11:23:27.445root 11241100x8000000000000000524580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb82fa32870ed22b2021-12-21 11:23:27.445root 11241100x8000000000000000524581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1652a136666d6f2021-12-21 11:23:27.445root 11241100x8000000000000000524582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e9762b4ba7d1102021-12-21 11:23:27.445root 11241100x8000000000000000524583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f195153270ec7992021-12-21 11:23:27.446root 11241100x8000000000000000524584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ee9943c70d63cf2021-12-21 11:23:27.446root 11241100x8000000000000000524585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc68fb045a7c44e42021-12-21 11:23:27.943root 11241100x8000000000000000524586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0188d4c81c37fe232021-12-21 11:23:27.943root 11241100x8000000000000000524587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585843112eff73742021-12-21 11:23:27.943root 11241100x8000000000000000524588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d25a4434e5581e2021-12-21 11:23:27.943root 11241100x8000000000000000524589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3366b2fa8e2fbe552021-12-21 11:23:27.943root 11241100x8000000000000000524590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae17e3c16d32f91c2021-12-21 11:23:27.943root 11241100x8000000000000000524591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c22aabb1060a4a2021-12-21 11:23:27.944root 11241100x8000000000000000524592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f199d3df1f66162021-12-21 11:23:27.944root 11241100x8000000000000000524593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ab436d66e3585f2021-12-21 11:23:27.944root 11241100x8000000000000000524594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfba202d0e77d7d12021-12-21 11:23:27.944root 11241100x8000000000000000524595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab86daa31a093c92021-12-21 11:23:27.944root 11241100x8000000000000000524596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b95b5b71d3874f2021-12-21 11:23:27.944root 11241100x8000000000000000524597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fecc2dc023a1fab2021-12-21 11:23:27.944root 11241100x8000000000000000524598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49b1158025b2eda2021-12-21 11:23:27.944root 11241100x8000000000000000524599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a923e8ef4831a4032021-12-21 11:23:27.945root 11241100x8000000000000000524600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17621604007e895c2021-12-21 11:23:27.945root 11241100x8000000000000000524601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f62da742c37f9e72021-12-21 11:23:27.945root 11241100x8000000000000000524602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74be2fccb0fdeccd2021-12-21 11:23:27.945root 11241100x8000000000000000524603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8251dd0ee81ea0c02021-12-21 11:23:27.945root 11241100x8000000000000000524604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee776da5d57806342021-12-21 11:23:27.945root 11241100x8000000000000000524605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b43901e72338482021-12-21 11:23:27.945root 11241100x8000000000000000524606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c84558ea106ca712021-12-21 11:23:28.443root 11241100x8000000000000000524607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e655539b0c93dbc2021-12-21 11:23:28.443root 11241100x8000000000000000524608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db3619daee4a5b2021-12-21 11:23:28.443root 11241100x8000000000000000524609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a972844da84a9c562021-12-21 11:23:28.443root 11241100x8000000000000000524610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c4a056216b18f22021-12-21 11:23:28.443root 11241100x8000000000000000524611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea53556e382107f2021-12-21 11:23:28.444root 11241100x8000000000000000524612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b2893ec37258c02021-12-21 11:23:28.444root 11241100x8000000000000000524613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38af1729fdaa86622021-12-21 11:23:28.444root 11241100x8000000000000000524614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57476ce8071a4c862021-12-21 11:23:28.444root 11241100x8000000000000000524615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b580c406aa5b8aa2021-12-21 11:23:28.444root 11241100x8000000000000000524616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a1390c2832113a2021-12-21 11:23:28.444root 11241100x8000000000000000524617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431a0782363872ab2021-12-21 11:23:28.444root 11241100x8000000000000000524618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3642eb651c0e6f8b2021-12-21 11:23:28.444root 11241100x8000000000000000524619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581b6f349cf003892021-12-21 11:23:28.445root 11241100x8000000000000000524620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d5238ef7f11ba92021-12-21 11:23:28.445root 11241100x8000000000000000524621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6c439b9307d1202021-12-21 11:23:28.445root 11241100x8000000000000000524622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef743590f0d2781a2021-12-21 11:23:28.445root 11241100x8000000000000000524623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0b3aa1798842d22021-12-21 11:23:28.445root 11241100x8000000000000000524624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c311c33be029b62021-12-21 11:23:28.445root 11241100x8000000000000000524625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5925340ae8e3272021-12-21 11:23:28.445root 11241100x8000000000000000524626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a045713b989dc02021-12-21 11:23:28.445root 11241100x8000000000000000524627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933a18f1e09f70eb2021-12-21 11:23:28.445root 11241100x8000000000000000524628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83e6ec5c6c6a0fa2021-12-21 11:23:28.445root 11241100x8000000000000000524629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913b78bbd65afb8d2021-12-21 11:23:28.445root 11241100x8000000000000000524630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9095c395f11b662021-12-21 11:23:28.446root 11241100x8000000000000000524631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb27337cff3c23762021-12-21 11:23:28.446root 11241100x8000000000000000524632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe7106d80d0fd472021-12-21 11:23:28.446root 11241100x8000000000000000524633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c01062fb19aef32021-12-21 11:23:28.943root 11241100x8000000000000000524634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24c46a3b7b890592021-12-21 11:23:28.943root 11241100x8000000000000000524635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f105ef3ee0f0af642021-12-21 11:23:28.943root 11241100x8000000000000000524636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26aca29ffd3a6af02021-12-21 11:23:28.943root 11241100x8000000000000000524637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1494fc05116d92272021-12-21 11:23:28.943root 11241100x8000000000000000524638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0923ce7c785dcd2021-12-21 11:23:28.944root 11241100x8000000000000000524639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f913a38e510421e2021-12-21 11:23:28.944root 11241100x8000000000000000524640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca709e8f0d2f6872021-12-21 11:23:28.944root 11241100x8000000000000000524641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83a1c8df8a9b9d92021-12-21 11:23:28.944root 11241100x8000000000000000524642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad217136caf78242021-12-21 11:23:28.944root 11241100x8000000000000000524643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c74290b2ceb902021-12-21 11:23:28.944root 11241100x8000000000000000524644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8797a0f02763e2b2021-12-21 11:23:28.944root 11241100x8000000000000000524645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe8b44822b527022021-12-21 11:23:28.945root 11241100x8000000000000000524646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0aa7f7aa38662a2021-12-21 11:23:28.945root 11241100x8000000000000000524647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82d1d946db1c0f42021-12-21 11:23:28.945root 11241100x8000000000000000524648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c5f94bcef03d4f2021-12-21 11:23:28.945root 11241100x8000000000000000524649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a62eb945d993272021-12-21 11:23:28.946root 11241100x8000000000000000524650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40209949d6743c062021-12-21 11:23:28.946root 11241100x8000000000000000524651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6127f4fa34f2c72021-12-21 11:23:28.946root 11241100x8000000000000000524652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f284eb8069d598f2021-12-21 11:23:28.946root 11241100x8000000000000000524653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78285ab8b7cebdab2021-12-21 11:23:28.946root 11241100x8000000000000000524654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dc59c69fc6585b2021-12-21 11:23:28.946root 11241100x8000000000000000524655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a4d366ec55f1592021-12-21 11:23:28.947root 11241100x8000000000000000524656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66a7c0a433bdf22021-12-21 11:23:28.947root 11241100x8000000000000000524657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30602db298f50a22021-12-21 11:23:28.947root 11241100x8000000000000000524658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7f8206363263522021-12-21 11:23:28.947root 11241100x8000000000000000524659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e235c22580839f02021-12-21 11:23:28.947root 11241100x8000000000000000524660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d83df097ff7eac82021-12-21 11:23:28.947root 11241100x8000000000000000524661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6916c222eaf0852021-12-21 11:23:29.443root 11241100x8000000000000000524662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e5dbb75c976d812021-12-21 11:23:29.443root 11241100x8000000000000000524663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b132eba884ee0b3a2021-12-21 11:23:29.443root 11241100x8000000000000000524664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fd5989c0849a162021-12-21 11:23:29.443root 11241100x8000000000000000524665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db89007c34151c32021-12-21 11:23:29.444root 11241100x8000000000000000524666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfa73723a21f1b02021-12-21 11:23:29.444root 11241100x8000000000000000524667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3b3cded54a5f3c2021-12-21 11:23:29.445root 11241100x8000000000000000524668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189d2fe47f7e6d0f2021-12-21 11:23:29.445root 11241100x8000000000000000524669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0541c5b65997be5a2021-12-21 11:23:29.445root 11241100x8000000000000000524670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e47505f186e7372021-12-21 11:23:29.445root 11241100x8000000000000000524671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dce0377f5c439c82021-12-21 11:23:29.445root 11241100x8000000000000000524672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44df56b7ef9ddf052021-12-21 11:23:29.445root 11241100x8000000000000000524673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a9bc638f48b7952021-12-21 11:23:29.446root 11241100x8000000000000000524674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95cbd7538da18e62021-12-21 11:23:29.446root 11241100x8000000000000000524675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ac10b1e2ab6e82021-12-21 11:23:29.446root 11241100x8000000000000000524676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43348dd443dfd85f2021-12-21 11:23:29.446root 11241100x8000000000000000524677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bdec026b55f1ae2021-12-21 11:23:29.446root 11241100x8000000000000000524678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5f675e17b01eb82021-12-21 11:23:29.446root 11241100x8000000000000000524679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d45b23c6c4b082021-12-21 11:23:29.446root 11241100x8000000000000000524680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff969e0e00761cef2021-12-21 11:23:29.446root 11241100x8000000000000000524681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dd6920e603b4222021-12-21 11:23:29.446root 11241100x8000000000000000524682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30994f27f5f01a32021-12-21 11:23:29.447root 11241100x8000000000000000524683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f29deab1875201e2021-12-21 11:23:29.943root 11241100x8000000000000000524684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9b16b7f8d3b3842021-12-21 11:23:29.943root 11241100x8000000000000000524685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b652da582ca77a272021-12-21 11:23:29.943root 11241100x8000000000000000524686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5f571dc6406c6e2021-12-21 11:23:29.943root 11241100x8000000000000000524687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ff4521c92fb8be2021-12-21 11:23:29.943root 11241100x8000000000000000524688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bea94267c8cb502021-12-21 11:23:29.944root 11241100x8000000000000000524689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafd4307ba5722352021-12-21 11:23:29.944root 11241100x8000000000000000524690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479fe53746f2368e2021-12-21 11:23:29.944root 11241100x8000000000000000524691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab3a2b7521cdf032021-12-21 11:23:29.944root 11241100x8000000000000000524692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2a614e54e8d5d12021-12-21 11:23:29.944root 11241100x8000000000000000524693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5183d4e86696d1a2021-12-21 11:23:29.944root 11241100x8000000000000000524694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d414fb0795a4e4c12021-12-21 11:23:29.944root 11241100x8000000000000000524695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac0767be49eae192021-12-21 11:23:29.944root 11241100x8000000000000000524696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cecd08f9915ad22021-12-21 11:23:29.944root 11241100x8000000000000000524697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229049357f39a3672021-12-21 11:23:29.944root 11241100x8000000000000000524698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2734d6a171f2d4602021-12-21 11:23:29.944root 11241100x8000000000000000524699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6addae6fc02bf42021-12-21 11:23:29.944root 11241100x8000000000000000524700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cfd754144f39112021-12-21 11:23:29.944root 11241100x8000000000000000524701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05da76510afe2c302021-12-21 11:23:29.944root 11241100x8000000000000000524702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c31d06184f827f92021-12-21 11:23:29.944root 11241100x8000000000000000524703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee18bcdb5b05ec32021-12-21 11:23:29.945root 11241100x8000000000000000524704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea83616117a0582021-12-21 11:23:30.443root 11241100x8000000000000000524705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77e861fcaa5cd992021-12-21 11:23:30.443root 11241100x8000000000000000524706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d4179e7d73be482021-12-21 11:23:30.443root 11241100x8000000000000000524707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ba3ffbb82df3f2021-12-21 11:23:30.443root 11241100x8000000000000000524708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dafecd0e546d79f2021-12-21 11:23:30.444root 11241100x8000000000000000524709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f35186c9c5e75f2021-12-21 11:23:30.444root 11241100x8000000000000000524710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc8030b7ce762e22021-12-21 11:23:30.444root 11241100x8000000000000000524711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8443a712c14af3a82021-12-21 11:23:30.444root 11241100x8000000000000000524712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79177ee3d6c95d582021-12-21 11:23:30.444root 11241100x8000000000000000524713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96913bdf30115a22021-12-21 11:23:30.444root 11241100x8000000000000000524714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f020a0ae1e7ad1c52021-12-21 11:23:30.444root 11241100x8000000000000000524715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850f5f1593b4803b2021-12-21 11:23:30.444root 11241100x8000000000000000524716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e508306b5b2dbe32021-12-21 11:23:30.444root 11241100x8000000000000000524717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104bbb62bb8e81312021-12-21 11:23:30.444root 11241100x8000000000000000524718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9fa43949305aaf2021-12-21 11:23:30.444root 11241100x8000000000000000524719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b15a2901afa4182021-12-21 11:23:30.444root 11241100x8000000000000000524720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256abbae1c565d482021-12-21 11:23:30.444root 11241100x8000000000000000524721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b805cbd08805aa6b2021-12-21 11:23:30.444root 11241100x8000000000000000524722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb02be4ba3fc4aa2021-12-21 11:23:30.444root 11241100x8000000000000000524723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e186f5fc228b636a2021-12-21 11:23:30.445root 11241100x8000000000000000524724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c176eb8a55aafd2021-12-21 11:23:30.445root 11241100x8000000000000000524725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b515e39080b31b942021-12-21 11:23:30.943root 11241100x8000000000000000524726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3684bf5ae8c476222021-12-21 11:23:30.943root 11241100x8000000000000000524727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5588b92e167064a82021-12-21 11:23:30.943root 11241100x8000000000000000524728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c260d361f61aeff02021-12-21 11:23:30.943root 11241100x8000000000000000524729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e333c6429de90f42021-12-21 11:23:30.944root 11241100x8000000000000000524730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3772d9912fddd92021-12-21 11:23:30.944root 11241100x8000000000000000524731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076db8f0728797c02021-12-21 11:23:30.944root 11241100x8000000000000000524732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddc627541768e992021-12-21 11:23:30.944root 11241100x8000000000000000524733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a76d15a1a5e43f2021-12-21 11:23:30.944root 11241100x8000000000000000524734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83beafb3f9874f102021-12-21 11:23:30.944root 11241100x8000000000000000524735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f8a9b2ae92f7542021-12-21 11:23:30.944root 11241100x8000000000000000524736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bb833fe74f9f842021-12-21 11:23:30.944root 11241100x8000000000000000524737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f583ff6ef37dbc2021-12-21 11:23:30.944root 11241100x8000000000000000524738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8b49b3f59ced7e2021-12-21 11:23:30.944root 11241100x8000000000000000524739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a227cdbb22ea732021-12-21 11:23:30.944root 11241100x8000000000000000524740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400be87801a604862021-12-21 11:23:30.944root 11241100x8000000000000000524741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9426ef37a4f084e2021-12-21 11:23:30.944root 11241100x8000000000000000524742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9753781012df63292021-12-21 11:23:30.945root 11241100x8000000000000000524743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fed225c42f6a712021-12-21 11:23:30.945root 11241100x8000000000000000524744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef21af5738f28092021-12-21 11:23:30.945root 11241100x8000000000000000524745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388085db827d4b7f2021-12-21 11:23:30.945root 11241100x8000000000000000524746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9097554762c4bf722021-12-21 11:23:31.443root 11241100x8000000000000000524747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95a42aeb6638cbc2021-12-21 11:23:31.443root 11241100x8000000000000000524748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476cc7f8e62925242021-12-21 11:23:31.443root 11241100x8000000000000000524749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1453cfd00752111a2021-12-21 11:23:31.443root 11241100x8000000000000000524750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d8e547a3bdb8b62021-12-21 11:23:31.444root 11241100x8000000000000000524751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3b1d12e5f880f02021-12-21 11:23:31.444root 11241100x8000000000000000524752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d364488b89feddd2021-12-21 11:23:31.444root 11241100x8000000000000000524753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e771701e98050b7f2021-12-21 11:23:31.444root 11241100x8000000000000000524754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a846e8caa033c22021-12-21 11:23:31.444root 11241100x8000000000000000524755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3424a16a4eb7f7742021-12-21 11:23:31.444root 11241100x8000000000000000524756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f469eaa3369a68ad2021-12-21 11:23:31.444root 11241100x8000000000000000524757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed45ab7f052eb7a2021-12-21 11:23:31.444root 11241100x8000000000000000524758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7297a41feb29fd2021-12-21 11:23:31.445root 11241100x8000000000000000524759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dc0f9c95ab5bc82021-12-21 11:23:31.445root 11241100x8000000000000000524760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554150a35ff9c4602021-12-21 11:23:31.445root 11241100x8000000000000000524761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c4e912d45575cc2021-12-21 11:23:31.445root 11241100x8000000000000000524762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f655f53c07e1e7292021-12-21 11:23:31.445root 11241100x8000000000000000524763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b84bbe800c59ad2021-12-21 11:23:31.445root 11241100x8000000000000000524764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1c4113183b6a012021-12-21 11:23:31.445root 11241100x8000000000000000524765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026d702897b678432021-12-21 11:23:31.445root 11241100x8000000000000000524766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67672c6e3ec06e5a2021-12-21 11:23:31.445root 11241100x8000000000000000524767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb10d6331db1a8d82021-12-21 11:23:31.943root 11241100x8000000000000000524768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c99937b839abbd2021-12-21 11:23:31.943root 11241100x8000000000000000524769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935b0a1e59031a312021-12-21 11:23:31.943root 11241100x8000000000000000524770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b8fe74f5934ee42021-12-21 11:23:31.943root 11241100x8000000000000000524771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0bf777aa9fde402021-12-21 11:23:31.943root 11241100x8000000000000000524772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b87d0c27a1999e2021-12-21 11:23:31.943root 11241100x8000000000000000524773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06753516a7bbec162021-12-21 11:23:31.944root 11241100x8000000000000000524774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c4aecff6571aaf2021-12-21 11:23:31.944root 11241100x8000000000000000524775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51239414a32974c2021-12-21 11:23:31.944root 11241100x8000000000000000524776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a62bc199207bf4a2021-12-21 11:23:31.944root 11241100x8000000000000000524777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5790d50bf978c652021-12-21 11:23:31.944root 11241100x8000000000000000524778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd12a72a2ca8832021-12-21 11:23:31.944root 11241100x8000000000000000524779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752afdb3943f60a82021-12-21 11:23:31.944root 11241100x8000000000000000524780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6c747fac8035cc2021-12-21 11:23:31.944root 11241100x8000000000000000524781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff762d4b8ea3df42021-12-21 11:23:31.944root 11241100x8000000000000000524782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f7a3f2d9079592021-12-21 11:23:31.944root 11241100x8000000000000000524783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8b7c4fea4f081f2021-12-21 11:23:31.944root 11241100x8000000000000000524784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a754ee78deabb992021-12-21 11:23:31.945root 11241100x8000000000000000524785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7a97a534d0c1382021-12-21 11:23:31.945root 11241100x8000000000000000524786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca4eba47384e69b2021-12-21 11:23:31.945root 11241100x8000000000000000524787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d7579acb1a1b022021-12-21 11:23:31.945root 11241100x8000000000000000524788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3341cebb2c2733c2021-12-21 11:23:31.945root 354300x8000000000000000524789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.242{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48472-false10.0.1.12-8000- 11241100x8000000000000000524790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68b61bfb2c49cda2021-12-21 11:23:32.244root 11241100x8000000000000000524791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8930fc916f27527f2021-12-21 11:23:32.244root 11241100x8000000000000000524792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadbdc2c0921cef82021-12-21 11:23:32.244root 11241100x8000000000000000524793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cacf4b73b303fa52021-12-21 11:23:32.244root 11241100x8000000000000000524794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060241ee07bd854c2021-12-21 11:23:32.245root 11241100x8000000000000000524795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011712010cee954d2021-12-21 11:23:32.245root 11241100x8000000000000000524796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b0d2999389ff222021-12-21 11:23:32.245root 11241100x8000000000000000524797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9c26c3719ad2582021-12-21 11:23:32.245root 11241100x8000000000000000524798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69cd397081314482021-12-21 11:23:32.245root 11241100x8000000000000000524799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8818bb9aec6fe2021-12-21 11:23:32.245root 11241100x8000000000000000524800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fb3a845c5bc2142021-12-21 11:23:32.245root 11241100x8000000000000000524801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd48f13be92e6f42021-12-21 11:23:32.245root 11241100x8000000000000000524802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12544a68bd8a8c012021-12-21 11:23:32.245root 11241100x8000000000000000524803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49b3718477914682021-12-21 11:23:32.246root 11241100x8000000000000000524804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e61f4bbba9711b2021-12-21 11:23:32.246root 11241100x8000000000000000524805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25e98c3be75ae5c2021-12-21 11:23:32.246root 11241100x8000000000000000524806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388a1f45195af9fd2021-12-21 11:23:32.246root 11241100x8000000000000000524807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cefc717e0ea87dc2021-12-21 11:23:32.246root 11241100x8000000000000000524808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c2ec99575f7ddd2021-12-21 11:23:32.246root 11241100x8000000000000000524809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235dfa02e264d2b82021-12-21 11:23:32.246root 11241100x8000000000000000524810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567508989dfac66f2021-12-21 11:23:32.246root 11241100x8000000000000000524811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f7cf7b2d4cc4d72021-12-21 11:23:32.246root 11241100x8000000000000000524812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bd255ffea2ce992021-12-21 11:23:32.693root 11241100x8000000000000000524813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89c7fd0de0390722021-12-21 11:23:32.693root 11241100x8000000000000000524814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4d01b3474209f32021-12-21 11:23:32.693root 11241100x8000000000000000524815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c03ee430ff233632021-12-21 11:23:32.694root 11241100x8000000000000000524816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c454ac196b3b60ae2021-12-21 11:23:32.694root 11241100x8000000000000000524817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a126a5501c2e3eef2021-12-21 11:23:32.694root 11241100x8000000000000000524818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633e7e1a08b5faaf2021-12-21 11:23:32.694root 11241100x8000000000000000524819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debc7216c432a2ec2021-12-21 11:23:32.694root 11241100x8000000000000000524820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aacca39bfff7d182021-12-21 11:23:32.694root 11241100x8000000000000000524821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632e0146d00735572021-12-21 11:23:32.694root 11241100x8000000000000000524822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170cb1740653941f2021-12-21 11:23:32.694root 11241100x8000000000000000524823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71180392eb285d92021-12-21 11:23:32.694root 11241100x8000000000000000524824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c6834ebd25c97a2021-12-21 11:23:32.694root 11241100x8000000000000000524825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3ed1f38eb6ea5d2021-12-21 11:23:32.694root 11241100x8000000000000000524826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90498bec0867d072021-12-21 11:23:32.694root 11241100x8000000000000000524827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228651f99dd607dc2021-12-21 11:23:32.695root 11241100x8000000000000000524828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e96c820ff1ea4912021-12-21 11:23:32.695root 11241100x8000000000000000524829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5db53cfcad4566e2021-12-21 11:23:32.695root 11241100x8000000000000000524830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5757e88fc65cf22021-12-21 11:23:32.695root 11241100x8000000000000000524831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750e4ed5042dfb062021-12-21 11:23:32.695root 11241100x8000000000000000524832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae1e73017ed01892021-12-21 11:23:32.695root 11241100x8000000000000000524833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb34e1e996d00702021-12-21 11:23:32.695root 11241100x8000000000000000524834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810e3301674c53982021-12-21 11:23:33.193root 11241100x8000000000000000524835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec1dd54ba113db2021-12-21 11:23:33.193root 11241100x8000000000000000524836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1a09864260c1922021-12-21 11:23:33.193root 11241100x8000000000000000524837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279f4e17693b484f2021-12-21 11:23:33.194root 11241100x8000000000000000524838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8f397f90bc2e622021-12-21 11:23:33.194root 11241100x8000000000000000524839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9a547e79394c1c2021-12-21 11:23:33.194root 11241100x8000000000000000524840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cdcd1536e7404e2021-12-21 11:23:33.194root 11241100x8000000000000000524841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641f9d4594c2de6d2021-12-21 11:23:33.194root 11241100x8000000000000000524842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7673ddc81db3fdcc2021-12-21 11:23:33.194root 11241100x8000000000000000524843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f587484654efc92021-12-21 11:23:33.194root 11241100x8000000000000000524844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d69e041bfe456c2021-12-21 11:23:33.194root 11241100x8000000000000000524845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d919241452cd3cc32021-12-21 11:23:33.194root 11241100x8000000000000000524846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9eea76bc71365e2021-12-21 11:23:33.194root 11241100x8000000000000000524847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5646516ed053382021-12-21 11:23:33.194root 11241100x8000000000000000524848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94d8a9d9e6d01482021-12-21 11:23:33.194root 11241100x8000000000000000524849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fb1445577ebb5d2021-12-21 11:23:33.195root 11241100x8000000000000000524850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbabf68697ad90642021-12-21 11:23:33.195root 11241100x8000000000000000524851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da6a4ceaad2b4062021-12-21 11:23:33.195root 11241100x8000000000000000524852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c952aa298a9789c82021-12-21 11:23:33.195root 11241100x8000000000000000524853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447770c0ec48e70e2021-12-21 11:23:33.195root 11241100x8000000000000000524854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628448c20605fdbb2021-12-21 11:23:33.195root 11241100x8000000000000000524855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68262445c088fe1d2021-12-21 11:23:33.195root 11241100x8000000000000000524856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a13cf02779ea102021-12-21 11:23:33.693root 11241100x8000000000000000524857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b92436f96c49df2021-12-21 11:23:33.693root 11241100x8000000000000000524858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb56fa684a370c2021-12-21 11:23:33.693root 11241100x8000000000000000524859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49fc7f32082ae8f2021-12-21 11:23:33.693root 11241100x8000000000000000524860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917cf3a2692618fe2021-12-21 11:23:33.694root 11241100x8000000000000000524861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fc10b27de2253e2021-12-21 11:23:33.694root 11241100x8000000000000000524862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613714f6447467c62021-12-21 11:23:33.694root 11241100x8000000000000000524863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2426b2d9d65338f2021-12-21 11:23:33.694root 11241100x8000000000000000524864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01da29366548d2bc2021-12-21 11:23:33.694root 11241100x8000000000000000524865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bc21b6c2b1a5692021-12-21 11:23:33.694root 11241100x8000000000000000524866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e68783a023ebb02021-12-21 11:23:33.694root 11241100x8000000000000000524867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403f94421d43e3f62021-12-21 11:23:33.694root 11241100x8000000000000000524868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9c9e287457ad5f2021-12-21 11:23:33.694root 11241100x8000000000000000524869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daa968983bafc232021-12-21 11:23:33.694root 11241100x8000000000000000524870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e2b008839be2a2021-12-21 11:23:33.694root 11241100x8000000000000000524871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f365fe5844a99952021-12-21 11:23:33.695root 11241100x8000000000000000524872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff1f56c9445fa42021-12-21 11:23:33.695root 11241100x8000000000000000524873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe19fb2fddefa8572021-12-21 11:23:33.695root 11241100x8000000000000000524874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071f11870e31f352021-12-21 11:23:33.695root 11241100x8000000000000000524875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d646c2a91ef13ab2021-12-21 11:23:33.695root 11241100x8000000000000000524876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6345017a7865bd1a2021-12-21 11:23:33.695root 11241100x8000000000000000524877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d518eecfa8c749c72021-12-21 11:23:33.695root 11241100x8000000000000000524878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3bc83f8b304f822021-12-21 11:23:34.193root 11241100x8000000000000000524879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4c525ed664e1902021-12-21 11:23:34.193root 11241100x8000000000000000524880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f6e06da0595a852021-12-21 11:23:34.193root 11241100x8000000000000000524881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9477aa7adc92ab2021-12-21 11:23:34.193root 11241100x8000000000000000524882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bd9086eff4b4902021-12-21 11:23:34.193root 11241100x8000000000000000524883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24699641f8c3ae32021-12-21 11:23:34.193root 11241100x8000000000000000524884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b63b93e6071268d2021-12-21 11:23:34.193root 11241100x8000000000000000524885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e638eebdc404aa22021-12-21 11:23:34.193root 11241100x8000000000000000524886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d242a0bafeeeb9132021-12-21 11:23:34.193root 11241100x8000000000000000524887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835b25da0ca15db82021-12-21 11:23:34.194root 11241100x8000000000000000524888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ba85785632aef72021-12-21 11:23:34.194root 11241100x8000000000000000524889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75633a64d7cff2d2021-12-21 11:23:34.194root 11241100x8000000000000000524890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fc1f12792a3b3c2021-12-21 11:23:34.194root 11241100x8000000000000000524891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13f79c0d1d112212021-12-21 11:23:34.194root 11241100x8000000000000000524892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4336f5023299144c2021-12-21 11:23:34.194root 11241100x8000000000000000524893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34bf1975ab0de562021-12-21 11:23:34.194root 11241100x8000000000000000524894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cbee457196dc452021-12-21 11:23:34.194root 11241100x8000000000000000524895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a624188d46d801582021-12-21 11:23:34.194root 11241100x8000000000000000524896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe3267aacef9322021-12-21 11:23:34.194root 11241100x8000000000000000524897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66857de9dc594ac52021-12-21 11:23:34.195root 11241100x8000000000000000524898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa75ef03989a9622021-12-21 11:23:34.195root 11241100x8000000000000000524899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190a686ee29ee63b2021-12-21 11:23:34.195root 11241100x8000000000000000524900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5594402ddcaa562021-12-21 11:23:34.195root 11241100x8000000000000000524901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ccb7d1ade80ec82021-12-21 11:23:34.693root 11241100x8000000000000000524902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab21668c3ab0c3f62021-12-21 11:23:34.693root 11241100x8000000000000000524903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eb48b4fa3ee7c62021-12-21 11:23:34.693root 11241100x8000000000000000524904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620727d64cbebfd72021-12-21 11:23:34.694root 11241100x8000000000000000524905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462cf21d6f93edc92021-12-21 11:23:34.694root 11241100x8000000000000000524906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701cf5403026574c2021-12-21 11:23:34.694root 11241100x8000000000000000524907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9addf86209b5d3e2021-12-21 11:23:34.694root 11241100x8000000000000000524908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02b69048c15bdcb2021-12-21 11:23:34.694root 11241100x8000000000000000524909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954fc823ef6381a32021-12-21 11:23:34.694root 11241100x8000000000000000524910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600030b3720c12192021-12-21 11:23:34.694root 11241100x8000000000000000524911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018c99540806ced42021-12-21 11:23:34.694root 11241100x8000000000000000524912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a375547eb5ebc1892021-12-21 11:23:34.694root 11241100x8000000000000000524913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7337cbac39401f2021-12-21 11:23:34.694root 11241100x8000000000000000524914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11c5bcffdaf41142021-12-21 11:23:34.695root 11241100x8000000000000000524915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3ddf2db658ddb32021-12-21 11:23:34.695root 11241100x8000000000000000524916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2673c9497dcea38c2021-12-21 11:23:34.695root 11241100x8000000000000000524917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add10d52eee8019d2021-12-21 11:23:34.695root 11241100x8000000000000000524918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d60319b1ce0c21c2021-12-21 11:23:34.695root 11241100x8000000000000000524919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35823f48df87bff22021-12-21 11:23:34.695root 11241100x8000000000000000524920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc5ec109ba6e49d2021-12-21 11:23:34.695root 11241100x8000000000000000524921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d0b4b6364aaef2021-12-21 11:23:34.695root 11241100x8000000000000000524922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9095a1fc28ffaa12021-12-21 11:23:34.695root 11241100x8000000000000000524923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e04ccc9014a342021-12-21 11:23:35.193root 11241100x8000000000000000524924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59dc0dafcccdc9e2021-12-21 11:23:35.193root 11241100x8000000000000000524925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853bd42b84d53802021-12-21 11:23:35.194root 11241100x8000000000000000524926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa969e34996ad142021-12-21 11:23:35.194root 11241100x8000000000000000524927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58f15a11e5e8ef02021-12-21 11:23:35.194root 11241100x8000000000000000524928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acddc5b2537884552021-12-21 11:23:35.194root 11241100x8000000000000000524929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dda48a922d1cc362021-12-21 11:23:35.194root 11241100x8000000000000000524930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa01132b121068e2021-12-21 11:23:35.195root 11241100x8000000000000000524931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed4c20772216fd52021-12-21 11:23:35.195root 11241100x8000000000000000524932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d166544a768a75b2021-12-21 11:23:35.195root 11241100x8000000000000000524933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a610e2f04a5ba6db2021-12-21 11:23:35.195root 11241100x8000000000000000524934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b79354bb711f8c72021-12-21 11:23:35.195root 11241100x8000000000000000524935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e06e62fe3e50a702021-12-21 11:23:35.195root 11241100x8000000000000000524936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a097a1ae6c4021272021-12-21 11:23:35.195root 11241100x8000000000000000524937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60ae9259990c2242021-12-21 11:23:35.195root 11241100x8000000000000000524938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd41de308c83ee2021-12-21 11:23:35.195root 11241100x8000000000000000524939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34eb0f884ff36d992021-12-21 11:23:35.195root 11241100x8000000000000000524940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9603d9d6ac41ec72021-12-21 11:23:35.195root 11241100x8000000000000000524941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7c4d5d946d530b2021-12-21 11:23:35.195root 11241100x8000000000000000524942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2379c983a1242b92021-12-21 11:23:35.196root 11241100x8000000000000000524943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ed72168621d9532021-12-21 11:23:35.196root 11241100x8000000000000000524944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f488c1553d71a6e2021-12-21 11:23:35.196root 11241100x8000000000000000524945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba779520acc3c4db2021-12-21 11:23:35.693root 11241100x8000000000000000524946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58bb92fcbe08ebb2021-12-21 11:23:35.693root 11241100x8000000000000000524947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c32fd3f582f35b02021-12-21 11:23:35.693root 11241100x8000000000000000524948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b09cc91af1e9e2021-12-21 11:23:35.694root 11241100x8000000000000000524949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bba73c733d8ee572021-12-21 11:23:35.694root 11241100x8000000000000000524950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f28202cadbc5c9f2021-12-21 11:23:35.694root 11241100x8000000000000000524951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55156f17cf5cc2a52021-12-21 11:23:35.694root 11241100x8000000000000000524952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d102100a2c3321ac2021-12-21 11:23:35.694root 11241100x8000000000000000524953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe40324431eff2e32021-12-21 11:23:35.694root 11241100x8000000000000000524954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400289e5c683344f2021-12-21 11:23:35.694root 11241100x8000000000000000524955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c56b1d21dd9e8e2021-12-21 11:23:35.695root 11241100x8000000000000000524956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f8cd1607c33da12021-12-21 11:23:35.695root 11241100x8000000000000000524957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e8f3501a14877b2021-12-21 11:23:35.695root 11241100x8000000000000000524958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a023c456df3b8de2021-12-21 11:23:35.695root 11241100x8000000000000000524959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ac350eb46403af2021-12-21 11:23:35.695root 11241100x8000000000000000524960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda905c52350370c2021-12-21 11:23:35.695root 11241100x8000000000000000524961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301f77b0ddc4c80f2021-12-21 11:23:35.695root 11241100x8000000000000000524962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff36a1497fb8da82021-12-21 11:23:35.695root 11241100x8000000000000000524963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff65434ca14a64fd2021-12-21 11:23:35.695root 11241100x8000000000000000524964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbc77da56c2cd0e2021-12-21 11:23:35.696root 11241100x8000000000000000524965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf8fa30aa36b2782021-12-21 11:23:35.696root 11241100x8000000000000000524966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f77c95b40460662021-12-21 11:23:35.696root 11241100x8000000000000000524967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a9f72c3fb89722021-12-21 11:23:36.193root 11241100x8000000000000000524968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301337f308b8e3842021-12-21 11:23:36.193root 11241100x8000000000000000524969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accc07298b060c092021-12-21 11:23:36.193root 11241100x8000000000000000524970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78803da769423e82021-12-21 11:23:36.193root 11241100x8000000000000000524971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab1efebfd9d46ac2021-12-21 11:23:36.193root 11241100x8000000000000000524972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4f7b6b063ad5af2021-12-21 11:23:36.193root 11241100x8000000000000000524973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3188ec4c9d583b82021-12-21 11:23:36.194root 11241100x8000000000000000524974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e231b42cdbcf72752021-12-21 11:23:36.194root 11241100x8000000000000000524975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5c260c29f719c82021-12-21 11:23:36.194root 11241100x8000000000000000524976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76df57c047ef545e2021-12-21 11:23:36.194root 11241100x8000000000000000524977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d617abec63352bd2021-12-21 11:23:36.194root 11241100x8000000000000000524978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6859e6432087ad602021-12-21 11:23:36.194root 11241100x8000000000000000524979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba62886c61e35e8b2021-12-21 11:23:36.194root 11241100x8000000000000000524980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acd64d30673186a2021-12-21 11:23:36.194root 11241100x8000000000000000524981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fb5c3a0f2dd8072021-12-21 11:23:36.194root 11241100x8000000000000000524982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9e2ade28d393d62021-12-21 11:23:36.194root 11241100x8000000000000000524983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e117c7a89d659b2021-12-21 11:23:36.194root 11241100x8000000000000000524984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c53f5dd890d14bb2021-12-21 11:23:36.194root 11241100x8000000000000000524985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0227bfdb7ab8839b2021-12-21 11:23:36.195root 11241100x8000000000000000524986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49ac3039e1b7c42021-12-21 11:23:36.195root 11241100x8000000000000000524987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a448e3d9620a882021-12-21 11:23:36.195root 11241100x8000000000000000524988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c21a48fe15d661d2021-12-21 11:23:36.195root 11241100x8000000000000000524989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3c08397908ee122021-12-21 11:23:36.195root 11241100x8000000000000000524990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:23:36.329root 11241100x8000000000000000524991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0cfb7e17d7b3922021-12-21 11:23:36.693root 11241100x8000000000000000524992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5cedbd7e1e91222021-12-21 11:23:36.693root 11241100x8000000000000000524993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6254da309b08e5212021-12-21 11:23:36.693root 11241100x8000000000000000524994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbbd22d86df93562021-12-21 11:23:36.693root 11241100x8000000000000000524995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02ea157ce4e77182021-12-21 11:23:36.693root 11241100x8000000000000000524996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e64ce571fa774b2021-12-21 11:23:36.693root 11241100x8000000000000000524997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f6521e87f827a62021-12-21 11:23:36.694root 11241100x8000000000000000524998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1d702ed6ed4d9e2021-12-21 11:23:36.694root 11241100x8000000000000000524999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33d6bb7264b52022021-12-21 11:23:36.694root 11241100x8000000000000000525000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a525429dc5b16202021-12-21 11:23:36.694root 11241100x8000000000000000525001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166223f73f669ffd2021-12-21 11:23:36.694root 11241100x8000000000000000525002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c3978afc3c7c342021-12-21 11:23:36.694root 11241100x8000000000000000525003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eddd81ac2811a42021-12-21 11:23:36.694root 11241100x8000000000000000525004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752b2c82defb68212021-12-21 11:23:36.695root 11241100x8000000000000000525005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e82dc94c518e992021-12-21 11:23:36.695root 11241100x8000000000000000525006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f09c58df73b3fa2021-12-21 11:23:36.695root 11241100x8000000000000000525007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db92b0e115dd1de12021-12-21 11:23:36.695root 11241100x8000000000000000525008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332d3659f5dc2a622021-12-21 11:23:36.695root 11241100x8000000000000000525009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a53f7fbedd3ee652021-12-21 11:23:36.695root 11241100x8000000000000000525010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e55975ff667b32021-12-21 11:23:36.695root 11241100x8000000000000000525011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844b0b290422018e2021-12-21 11:23:36.695root 11241100x8000000000000000525012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de99b15810d6eba22021-12-21 11:23:36.695root 11241100x8000000000000000525013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01238be9474c4ca12021-12-21 11:23:36.696root 11241100x8000000000000000525014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b4ecfe9c3c831a2021-12-21 11:23:36.696root 11241100x8000000000000000525015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abe22f005475a642021-12-21 11:23:37.193root 11241100x8000000000000000525016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d581159daff8f6822021-12-21 11:23:37.193root 11241100x8000000000000000525017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd26a6ff439143c62021-12-21 11:23:37.194root 11241100x8000000000000000525018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4380a7f6e017d22021-12-21 11:23:37.194root 11241100x8000000000000000525019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d9f02a43bf234b2021-12-21 11:23:37.194root 11241100x8000000000000000525020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd43b8cad5dbf852021-12-21 11:23:37.195root 11241100x8000000000000000525021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56494bc054bef8b92021-12-21 11:23:37.195root 11241100x8000000000000000525022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92975494865767b92021-12-21 11:23:37.195root 11241100x8000000000000000525023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da00a1adfaea68162021-12-21 11:23:37.195root 11241100x8000000000000000525024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9126a8e7265e3a7f2021-12-21 11:23:37.196root 11241100x8000000000000000525025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba6c2c297dbb9332021-12-21 11:23:37.196root 11241100x8000000000000000525026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7ddd117a3806e32021-12-21 11:23:37.196root 11241100x8000000000000000525027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7518a26d570a32021-12-21 11:23:37.196root 11241100x8000000000000000525028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd29d38d60666b72021-12-21 11:23:37.196root 11241100x8000000000000000525029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d91418f2e8583b2021-12-21 11:23:37.196root 11241100x8000000000000000525030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29076e49ea15bb12021-12-21 11:23:37.196root 11241100x8000000000000000525031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434e3f7a33478e232021-12-21 11:23:37.196root 11241100x8000000000000000525032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0448666b10e31a32021-12-21 11:23:37.196root 11241100x8000000000000000525033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36baa1215aef23b52021-12-21 11:23:37.197root 11241100x8000000000000000525034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ebeb5898b4843c2021-12-21 11:23:37.197root 11241100x8000000000000000525035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94be8b1badbc9ff2021-12-21 11:23:37.197root 11241100x8000000000000000525036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fb4b2918b02c2c2021-12-21 11:23:37.197root 11241100x8000000000000000525037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e309c983c123ab2021-12-21 11:23:37.197root 11241100x8000000000000000525038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eec90083f8244e02021-12-21 11:23:37.693root 11241100x8000000000000000525039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1f0756b84581fd2021-12-21 11:23:37.693root 11241100x8000000000000000525040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d8879ac59caed72021-12-21 11:23:37.694root 11241100x8000000000000000525041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e51af419b4accb2021-12-21 11:23:37.694root 11241100x8000000000000000525042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709d8142d46768702021-12-21 11:23:37.694root 11241100x8000000000000000525043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8d50e5235d05352021-12-21 11:23:37.694root 11241100x8000000000000000525044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16826060bb2c1e552021-12-21 11:23:37.694root 11241100x8000000000000000525045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2c47b00f1bd35f2021-12-21 11:23:37.694root 11241100x8000000000000000525046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d27daa35b471512021-12-21 11:23:37.694root 11241100x8000000000000000525047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bb1bc28cd9bd1f2021-12-21 11:23:37.695root 11241100x8000000000000000525048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4561405ad3c6572021-12-21 11:23:37.695root 11241100x8000000000000000525049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3214b3c26012e7442021-12-21 11:23:37.695root 11241100x8000000000000000525050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dec541eb0636b32021-12-21 11:23:37.696root 11241100x8000000000000000525051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0309462c248eb662021-12-21 11:23:37.696root 11241100x8000000000000000525052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c49e9227975fb9d2021-12-21 11:23:37.696root 11241100x8000000000000000525053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74d5b77265515612021-12-21 11:23:37.696root 11241100x8000000000000000525054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8501710c91504322021-12-21 11:23:37.696root 11241100x8000000000000000525055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bacd055dba080902021-12-21 11:23:37.696root 11241100x8000000000000000525056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c78d9b0e0e2f5ae2021-12-21 11:23:37.696root 11241100x8000000000000000525057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7271b72890d6c79a2021-12-21 11:23:37.696root 11241100x8000000000000000525058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b1126e90911be22021-12-21 11:23:37.696root 11241100x8000000000000000525059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3984e73d6c0cb92021-12-21 11:23:37.696root 11241100x8000000000000000525060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7567cdb0052412b72021-12-21 11:23:37.697root 11241100x8000000000000000525061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4bdd16718b521e2021-12-21 11:23:38.193root 11241100x8000000000000000525062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a072aa1e24625b62021-12-21 11:23:38.193root 11241100x8000000000000000525063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bc95bea65c17262021-12-21 11:23:38.194root 11241100x8000000000000000525064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f17bb676eb565bc2021-12-21 11:23:38.194root 11241100x8000000000000000525065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccdb659745a93da2021-12-21 11:23:38.194root 11241100x8000000000000000525066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370b51ff0fe3c5aa2021-12-21 11:23:38.194root 11241100x8000000000000000525067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ace16fbead471532021-12-21 11:23:38.194root 11241100x8000000000000000525068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf57795c044d45b2021-12-21 11:23:38.195root 11241100x8000000000000000525069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb85c610729c7262021-12-21 11:23:38.195root 11241100x8000000000000000525070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fabc4e237459c42021-12-21 11:23:38.195root 11241100x8000000000000000525071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f1307691518bd62021-12-21 11:23:38.196root 11241100x8000000000000000525072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f8a608bd19b0402021-12-21 11:23:38.196root 11241100x8000000000000000525073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608f36f74255f8312021-12-21 11:23:38.196root 11241100x8000000000000000525074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200f4969af56bfff2021-12-21 11:23:38.196root 11241100x8000000000000000525075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6991cb6a865f2732021-12-21 11:23:38.197root 11241100x8000000000000000525076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a7c9459815461d2021-12-21 11:23:38.197root 11241100x8000000000000000525077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39937d488f8231f62021-12-21 11:23:38.197root 11241100x8000000000000000525078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdba58ac4829189c2021-12-21 11:23:38.197root 11241100x8000000000000000525079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655a537e7c7e13ef2021-12-21 11:23:38.197root 11241100x8000000000000000525080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d9da9e331c7ee32021-12-21 11:23:38.198root 11241100x8000000000000000525081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3d66e2e33678712021-12-21 11:23:38.198root 11241100x8000000000000000525082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4d59a827410e5d2021-12-21 11:23:38.199root 11241100x8000000000000000525083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ad8099a1548caf2021-12-21 11:23:38.200root 11241100x8000000000000000525084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7130e3a309de0952021-12-21 11:23:38.200root 11241100x8000000000000000525085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29482a4a19f82c842021-12-21 11:23:38.201root 354300x8000000000000000525086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.211{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48474-false10.0.1.12-8000- 11241100x8000000000000000525087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de0d16cb11f21c12021-12-21 11:23:38.693root 11241100x8000000000000000525088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f861389c45439f882021-12-21 11:23:38.693root 11241100x8000000000000000525089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27e17b346d99c542021-12-21 11:23:38.693root 11241100x8000000000000000525090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654c0c73ad5aebd92021-12-21 11:23:38.693root 11241100x8000000000000000525091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc802634cf6dab5a2021-12-21 11:23:38.693root 11241100x8000000000000000525092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e7e16036fbf402021-12-21 11:23:38.694root 11241100x8000000000000000525093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edccc053c0295612021-12-21 11:23:38.694root 11241100x8000000000000000525094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be17756966c965372021-12-21 11:23:38.694root 11241100x8000000000000000525095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43331841518e62072021-12-21 11:23:38.694root 11241100x8000000000000000525096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9725a105b357d50b2021-12-21 11:23:38.694root 11241100x8000000000000000525097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845ff34f179135e22021-12-21 11:23:38.694root 11241100x8000000000000000525098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5352be537fed8512021-12-21 11:23:38.694root 11241100x8000000000000000525099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17680c4d927351262021-12-21 11:23:38.694root 11241100x8000000000000000525100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ad9ab45533964b2021-12-21 11:23:38.695root 11241100x8000000000000000525101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0230e8211a0c1dc22021-12-21 11:23:38.695root 11241100x8000000000000000525102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d9ef7882da8fb82021-12-21 11:23:38.695root 11241100x8000000000000000525103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4fe81edc7f08072021-12-21 11:23:38.695root 11241100x8000000000000000525104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573e46feea4cfe732021-12-21 11:23:38.695root 11241100x8000000000000000525105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e9426a72064c482021-12-21 11:23:38.695root 11241100x8000000000000000525106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ac2cebc7392ac32021-12-21 11:23:38.695root 11241100x8000000000000000525107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b196699663b3c3fe2021-12-21 11:23:38.695root 11241100x8000000000000000525108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcab2f05082d4602021-12-21 11:23:38.695root 11241100x8000000000000000525109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077e694e116036692021-12-21 11:23:38.696root 11241100x8000000000000000525110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0727ad73be8a478c2021-12-21 11:23:38.696root 11241100x8000000000000000525111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2264d387d8a9bdcf2021-12-21 11:23:38.696root 11241100x8000000000000000525112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac6e19c360de01d2021-12-21 11:23:39.193root 11241100x8000000000000000525113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129c444cddef74762021-12-21 11:23:39.193root 11241100x8000000000000000525114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f08ca35f91529b2021-12-21 11:23:39.194root 11241100x8000000000000000525115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b7e071f66955952021-12-21 11:23:39.194root 11241100x8000000000000000525116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e871e5ac9c66e0c2021-12-21 11:23:39.194root 11241100x8000000000000000525117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8778b429fa8be5ff2021-12-21 11:23:39.194root 11241100x8000000000000000525118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d673aa9094020cdf2021-12-21 11:23:39.194root 11241100x8000000000000000525119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d55b2b9c09897f2021-12-21 11:23:39.194root 11241100x8000000000000000525120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be1767c8bd6bace2021-12-21 11:23:39.194root 11241100x8000000000000000525121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53f73edd2e428902021-12-21 11:23:39.194root 11241100x8000000000000000525122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70e26be6270edab2021-12-21 11:23:39.194root 11241100x8000000000000000525123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3731ab60ce2388e52021-12-21 11:23:39.194root 11241100x8000000000000000525124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2581eb3a392593452021-12-21 11:23:39.195root 11241100x8000000000000000525125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a6cd40a95ff99f2021-12-21 11:23:39.195root 11241100x8000000000000000525126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1300faf314bfee662021-12-21 11:23:39.195root 11241100x8000000000000000525127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6529668c40929ba12021-12-21 11:23:39.195root 11241100x8000000000000000525128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80316ef2b7fee24c2021-12-21 11:23:39.195root 11241100x8000000000000000525129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f034be204f509e5a2021-12-21 11:23:39.196root 11241100x8000000000000000525130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550ce8910d65f6042021-12-21 11:23:39.196root 11241100x8000000000000000525131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc67b42e3ea50fc42021-12-21 11:23:39.196root 11241100x8000000000000000525132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3883e7ec7f526a72021-12-21 11:23:39.196root 11241100x8000000000000000525133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e810339ede92894f2021-12-21 11:23:39.196root 11241100x8000000000000000525134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab24cb9c037cf85b2021-12-21 11:23:39.196root 11241100x8000000000000000525135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e707980df168e8e32021-12-21 11:23:39.196root 23542300x8000000000000000525136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.331{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000525137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2be9cfed1aa11e2021-12-21 11:23:39.693root 11241100x8000000000000000525138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe62fafae102e072021-12-21 11:23:39.693root 11241100x8000000000000000525139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c39a8e9ea1283e22021-12-21 11:23:39.693root 11241100x8000000000000000525140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189711ee3d75a6852021-12-21 11:23:39.693root 11241100x8000000000000000525141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b269797c9db0fb032021-12-21 11:23:39.693root 11241100x8000000000000000525142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68928692b261552c2021-12-21 11:23:39.693root 11241100x8000000000000000525143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61edbc33eb25309f2021-12-21 11:23:39.694root 11241100x8000000000000000525144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e72d270d7f88972021-12-21 11:23:39.694root 11241100x8000000000000000525145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dc1a97f19095a02021-12-21 11:23:39.694root 11241100x8000000000000000525146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd94c584154cbc542021-12-21 11:23:39.694root 11241100x8000000000000000525147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7fadc1554b6e102021-12-21 11:23:39.694root 11241100x8000000000000000525148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914ae44306a308af2021-12-21 11:23:39.694root 11241100x8000000000000000525149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ffd069c1bfd08b2021-12-21 11:23:39.694root 11241100x8000000000000000525150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db78a47107e61a1b2021-12-21 11:23:39.694root 11241100x8000000000000000525151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0b91eaba43af482021-12-21 11:23:39.695root 11241100x8000000000000000525152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fee2641cafbf792021-12-21 11:23:39.695root 11241100x8000000000000000525153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62230407c75562f72021-12-21 11:23:39.695root 11241100x8000000000000000525154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489c639f2ab179362021-12-21 11:23:39.695root 11241100x8000000000000000525155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9f01e24ef79b62021-12-21 11:23:39.696root 11241100x8000000000000000525156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfa8bcc4fb7df412021-12-21 11:23:39.696root 11241100x8000000000000000525157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb7c95b1dec42322021-12-21 11:23:39.696root 11241100x8000000000000000525158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a16ad4d8b5fc53b2021-12-21 11:23:39.696root 11241100x8000000000000000525159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92d80c5a3be72b52021-12-21 11:23:39.696root 11241100x8000000000000000525160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70963fb7653e1db92021-12-21 11:23:39.696root 11241100x8000000000000000525161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2053784b30ad131a2021-12-21 11:23:39.696root 11241100x8000000000000000525162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b13ba68b17ca402021-12-21 11:23:39.697root 11241100x8000000000000000525163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5e7fcc8ef9db252021-12-21 11:23:39.697root 11241100x8000000000000000525164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30068bcebd2c82072021-12-21 11:23:39.697root 11241100x8000000000000000525165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6fbe1ec7260e082021-12-21 11:23:39.697root 11241100x8000000000000000525166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ab77593e78f6472021-12-21 11:23:39.697root 11241100x8000000000000000525167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a5e279d0981f2c2021-12-21 11:23:39.697root 11241100x8000000000000000525168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd97f4e4d41b47292021-12-21 11:23:39.697root 11241100x8000000000000000525169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718ab5ff314508dd2021-12-21 11:23:40.193root 11241100x8000000000000000525170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b5477b153b01272021-12-21 11:23:40.193root 11241100x8000000000000000525171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf11052a32fa8ce72021-12-21 11:23:40.193root 11241100x8000000000000000525172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24972709bdb2337e2021-12-21 11:23:40.194root 11241100x8000000000000000525173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f82e676506bab2021-12-21 11:23:40.194root 11241100x8000000000000000525174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999d5b6e92fb6ee32021-12-21 11:23:40.194root 11241100x8000000000000000525175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295e6ba9aa068a1a2021-12-21 11:23:40.194root 11241100x8000000000000000525176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1122f8f7130f1b602021-12-21 11:23:40.194root 11241100x8000000000000000525177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19ff58a1da64c0a2021-12-21 11:23:40.194root 11241100x8000000000000000525178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77bb312aa5eba002021-12-21 11:23:40.194root 11241100x8000000000000000525179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4de2e043501961e2021-12-21 11:23:40.195root 11241100x8000000000000000525180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58319998eee4d5582021-12-21 11:23:40.195root 11241100x8000000000000000525181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ee32ad8d9f5412021-12-21 11:23:40.195root 11241100x8000000000000000525182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ea909e659cd9872021-12-21 11:23:40.195root 11241100x8000000000000000525183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a86661f7b1d264a2021-12-21 11:23:40.195root 11241100x8000000000000000525184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fae8fe3a5028cc82021-12-21 11:23:40.195root 11241100x8000000000000000525185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee6eeca4b23806a2021-12-21 11:23:40.195root 11241100x8000000000000000525186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b797d67da0182b92021-12-21 11:23:40.196root 11241100x8000000000000000525187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70a17ac75051e322021-12-21 11:23:40.196root 11241100x8000000000000000525188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd7de2f276edbf12021-12-21 11:23:40.196root 11241100x8000000000000000525189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddad3c8203f52d02021-12-21 11:23:40.196root 11241100x8000000000000000525190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caedc5f2c77565a92021-12-21 11:23:40.196root 11241100x8000000000000000525191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12862bbd6e6633da2021-12-21 11:23:40.196root 11241100x8000000000000000525192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212e578de1b1d5642021-12-21 11:23:40.197root 11241100x8000000000000000525193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30557d9731dd5dc2021-12-21 11:23:40.197root 11241100x8000000000000000525194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c7aec05ec6d8f2021-12-21 11:23:40.197root 11241100x8000000000000000525195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb10148adb12e3952021-12-21 11:23:40.693root 11241100x8000000000000000525196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb8ae2f26dd4c452021-12-21 11:23:40.693root 11241100x8000000000000000525197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0df275421e44e782021-12-21 11:23:40.693root 11241100x8000000000000000525198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f228bc75343804e2021-12-21 11:23:40.693root 11241100x8000000000000000525199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b39c2952d0ff3d42021-12-21 11:23:40.694root 11241100x8000000000000000525200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905e8349de77963c2021-12-21 11:23:40.694root 11241100x8000000000000000525201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cf5bdbac3b31ff2021-12-21 11:23:40.694root 11241100x8000000000000000525202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000fb339df57a07e2021-12-21 11:23:40.694root 11241100x8000000000000000525203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e47332114624792021-12-21 11:23:40.694root 11241100x8000000000000000525204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb06827fddb3e342021-12-21 11:23:40.694root 11241100x8000000000000000525205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7fc2779ed084812021-12-21 11:23:40.694root 11241100x8000000000000000525206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe44aaad9a6c45392021-12-21 11:23:40.695root 11241100x8000000000000000525207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01f35756be834662021-12-21 11:23:40.695root 11241100x8000000000000000525208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7219cba4f0ea772021-12-21 11:23:40.695root 11241100x8000000000000000525209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188559a1e569e22c2021-12-21 11:23:40.695root 11241100x8000000000000000525210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3985ca6d57b0a6fa2021-12-21 11:23:40.696root 11241100x8000000000000000525211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d903e9f09c069582021-12-21 11:23:40.696root 11241100x8000000000000000525212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35287a181d7983902021-12-21 11:23:40.696root 11241100x8000000000000000525213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96927eb261e79efa2021-12-21 11:23:40.696root 11241100x8000000000000000525214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad515f75948846d32021-12-21 11:23:40.696root 11241100x8000000000000000525215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163e1e8b8eab37852021-12-21 11:23:40.697root 11241100x8000000000000000525216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4be65466122de2021-12-21 11:23:40.697root 11241100x8000000000000000525217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c429873368e0f2021-12-21 11:23:40.697root 11241100x8000000000000000525218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be57466e3d2a42b62021-12-21 11:23:40.697root 11241100x8000000000000000525219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55b43c1e6e2fabf2021-12-21 11:23:40.698root 11241100x8000000000000000525220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee89d00d3b94d812021-12-21 11:23:40.698root 11241100x8000000000000000525221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05934f62d775254a2021-12-21 11:23:40.698root 11241100x8000000000000000525222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0125f97707198c5c2021-12-21 11:23:41.193root 11241100x8000000000000000525223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b80288ffe5fb5202021-12-21 11:23:41.193root 11241100x8000000000000000525224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cf8bfbf788479d2021-12-21 11:23:41.194root 11241100x8000000000000000525225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecba83584e832a82021-12-21 11:23:41.194root 11241100x8000000000000000525226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9788416bce2a6d4a2021-12-21 11:23:41.195root 11241100x8000000000000000525227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f8545757617ce2021-12-21 11:23:41.195root 11241100x8000000000000000525228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63359d14294ad832021-12-21 11:23:41.195root 11241100x8000000000000000525229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70ac5173b7c16102021-12-21 11:23:41.196root 11241100x8000000000000000525230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4731d68724a2932021-12-21 11:23:41.197root 11241100x8000000000000000525231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb35c3b14f8446842021-12-21 11:23:41.197root 11241100x8000000000000000525232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feaec6c0d5626072021-12-21 11:23:41.198root 11241100x8000000000000000525233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c96546826683c562021-12-21 11:23:41.198root 11241100x8000000000000000525234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caa974525301ddf2021-12-21 11:23:41.200root 11241100x8000000000000000525235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb2d377b1679f732021-12-21 11:23:41.201root 11241100x8000000000000000525236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b01f8d046cfa4c2021-12-21 11:23:41.202root 11241100x8000000000000000525237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef579a0091202edc2021-12-21 11:23:41.202root 11241100x8000000000000000525238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbad08042fe95a002021-12-21 11:23:41.202root 11241100x8000000000000000525239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a231aad236eedf2021-12-21 11:23:41.203root 11241100x8000000000000000525240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac735d1d35408b2f2021-12-21 11:23:41.203root 11241100x8000000000000000525241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ead2bbe74771b3e2021-12-21 11:23:41.204root 11241100x8000000000000000525242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd0b8c0ff8035b2021-12-21 11:23:41.204root 11241100x8000000000000000525243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d734e1fb749bb6632021-12-21 11:23:41.205root 11241100x8000000000000000525244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969aa12a3722fce82021-12-21 11:23:41.205root 11241100x8000000000000000525245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1268f3cf54b27b252021-12-21 11:23:41.206root 11241100x8000000000000000525246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a92f295daf7b9ec2021-12-21 11:23:41.206root 11241100x8000000000000000525247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010db1d8ce2334132021-12-21 11:23:41.207root 11241100x8000000000000000525248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38053aa5f545ad392021-12-21 11:23:41.207root 11241100x8000000000000000525249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477c71701d6ef1e02021-12-21 11:23:41.693root 11241100x8000000000000000525250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b767b3a9d79b672021-12-21 11:23:41.693root 11241100x8000000000000000525251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657bf63033e74b072021-12-21 11:23:41.693root 11241100x8000000000000000525252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b803a513ea5e05f52021-12-21 11:23:41.693root 11241100x8000000000000000525253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104af86790641c292021-12-21 11:23:41.694root 11241100x8000000000000000525254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a335d426462027f52021-12-21 11:23:41.694root 11241100x8000000000000000525255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2005d8f9a084cb2021-12-21 11:23:41.694root 11241100x8000000000000000525256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a208c24ac9d1bea22021-12-21 11:23:41.694root 11241100x8000000000000000525257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44754e8b8539cce2021-12-21 11:23:41.694root 11241100x8000000000000000525258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb811f951a9169ae2021-12-21 11:23:41.694root 11241100x8000000000000000525259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c0cb0b0ee7ad12021-12-21 11:23:41.695root 11241100x8000000000000000525260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4384f7515da348462021-12-21 11:23:41.695root 11241100x8000000000000000525261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8783561a8d12922021-12-21 11:23:41.695root 11241100x8000000000000000525262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a9836d639618a82021-12-21 11:23:41.695root 11241100x8000000000000000525263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f71fef63fec04da2021-12-21 11:23:41.695root 11241100x8000000000000000525264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb01ef3bb969d20c2021-12-21 11:23:41.696root 11241100x8000000000000000525265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b19fa247437fe572021-12-21 11:23:41.696root 11241100x8000000000000000525266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c62d4eb79e5d712021-12-21 11:23:41.696root 11241100x8000000000000000525267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc3c5b543adfd32021-12-21 11:23:41.696root 11241100x8000000000000000525268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15906ba9086fc8d62021-12-21 11:23:41.696root 11241100x8000000000000000525269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db80d04a9414764c2021-12-21 11:23:41.696root 11241100x8000000000000000525270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f9751e7282d7492021-12-21 11:23:41.697root 11241100x8000000000000000525271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7dc364fd9a3af42021-12-21 11:23:41.697root 11241100x8000000000000000525272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c1600a1ba139662021-12-21 11:23:41.697root 11241100x8000000000000000525273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c14a0aa79aa65832021-12-21 11:23:41.697root 11241100x8000000000000000525274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaeeb4290de34d62021-12-21 11:23:42.193root 11241100x8000000000000000525275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e417ace1eca169592021-12-21 11:23:42.193root 11241100x8000000000000000525276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef4a7d61fa180442021-12-21 11:23:42.194root 11241100x8000000000000000525277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fbc313a118b5922021-12-21 11:23:42.194root 11241100x8000000000000000525278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250b64eac4ef9a2b2021-12-21 11:23:42.194root 11241100x8000000000000000525279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354d59b0183e9f942021-12-21 11:23:42.194root 11241100x8000000000000000525280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970b6a45fb8d29112021-12-21 11:23:42.195root 11241100x8000000000000000525281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fbb0e28f7284632021-12-21 11:23:42.195root 11241100x8000000000000000525282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49bdc62cf7dfc192021-12-21 11:23:42.195root 11241100x8000000000000000525283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea1b0aa9a8ea38e2021-12-21 11:23:42.195root 11241100x8000000000000000525284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2df115e04db28f12021-12-21 11:23:42.195root 11241100x8000000000000000525285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a543f3f20e3ab52021-12-21 11:23:42.195root 11241100x8000000000000000525286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afa40b89c0ad3ca2021-12-21 11:23:42.196root 11241100x8000000000000000525287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83380272e1d2ad862021-12-21 11:23:42.196root 11241100x8000000000000000525288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed6c690a15eb81d2021-12-21 11:23:42.196root 11241100x8000000000000000525289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9451f489931f81692021-12-21 11:23:42.196root 11241100x8000000000000000525290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1451eaca95e63c4b2021-12-21 11:23:42.197root 11241100x8000000000000000525291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdd4ec439da97872021-12-21 11:23:42.197root 11241100x8000000000000000525292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d49e6627fd9d1e2021-12-21 11:23:42.197root 11241100x8000000000000000525293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f180b1d4254bbb2021-12-21 11:23:42.197root 11241100x8000000000000000525294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f86b2bde716d362021-12-21 11:23:42.197root 11241100x8000000000000000525295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce64da185b13e1ed2021-12-21 11:23:42.197root 11241100x8000000000000000525296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3ae19c35eb2b0b2021-12-21 11:23:42.197root 11241100x8000000000000000525297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be21b46fbef8379b2021-12-21 11:23:42.198root 11241100x8000000000000000525298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cbab031453ceae2021-12-21 11:23:42.198root 11241100x8000000000000000525299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f4d352bf363b862021-12-21 11:23:42.198root 11241100x8000000000000000525300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0446c4d2b24318a92021-12-21 11:23:42.198root 11241100x8000000000000000525301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50252b39c401de262021-12-21 11:23:42.198root 11241100x8000000000000000525302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a74b3a00a5eee642021-12-21 11:23:42.198root 11241100x8000000000000000525303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd4b455bdaf9dca2021-12-21 11:23:42.198root 11241100x8000000000000000525304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f83cdd1c2c2b892021-12-21 11:23:42.693root 11241100x8000000000000000525305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cc43158c1185072021-12-21 11:23:42.693root 11241100x8000000000000000525306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74ad29de819ccb32021-12-21 11:23:42.693root 11241100x8000000000000000525307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7821307c75f67672021-12-21 11:23:42.693root 11241100x8000000000000000525308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4537072cca96c222021-12-21 11:23:42.693root 11241100x8000000000000000525309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29af84b91e290f12021-12-21 11:23:42.694root 11241100x8000000000000000525310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a801ab2d4266702021-12-21 11:23:42.694root 11241100x8000000000000000525311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13ba18a511ed2e2021-12-21 11:23:42.694root 11241100x8000000000000000525312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251806d9fa9b40f22021-12-21 11:23:42.695root 11241100x8000000000000000525313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b61201209e61572021-12-21 11:23:42.695root 11241100x8000000000000000525314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771bb534604f0e062021-12-21 11:23:42.696root 11241100x8000000000000000525315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed30ead4380c5212021-12-21 11:23:42.696root 11241100x8000000000000000525316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8593b897700565722021-12-21 11:23:42.696root 11241100x8000000000000000525317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185cbcc36c78564b2021-12-21 11:23:42.697root 11241100x8000000000000000525318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaf290ef5ded8b82021-12-21 11:23:42.697root 11241100x8000000000000000525319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f197dc2bf47051ba2021-12-21 11:23:42.698root 11241100x8000000000000000525320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c600dcbb044b7a62021-12-21 11:23:42.698root 11241100x8000000000000000525321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bed20b920e20a42021-12-21 11:23:42.698root 11241100x8000000000000000525322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e781fba2508c4f02021-12-21 11:23:42.699root 11241100x8000000000000000525323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acb3e85d24b26512021-12-21 11:23:42.699root 11241100x8000000000000000525324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d4d0d96b2816e82021-12-21 11:23:42.699root 11241100x8000000000000000525325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ec5ccba82da0e12021-12-21 11:23:42.699root 11241100x8000000000000000525326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac4eb7b1f57eaed2021-12-21 11:23:42.700root 11241100x8000000000000000525327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6633d4a0ab8764c02021-12-21 11:23:42.700root 11241100x8000000000000000525328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d40cf4e78cbcccd2021-12-21 11:23:42.700root 11241100x8000000000000000525329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a64069bc955d6f2021-12-21 11:23:42.700root 11241100x8000000000000000525330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf2382f79cf9db12021-12-21 11:23:42.700root 11241100x8000000000000000525331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0ddc87db08c51d2021-12-21 11:23:43.193root 11241100x8000000000000000525332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20cbac7858e3b602021-12-21 11:23:43.193root 11241100x8000000000000000525333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cbac268aa3f56b2021-12-21 11:23:43.193root 11241100x8000000000000000525334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3383ac04be9a2f2021-12-21 11:23:43.194root 11241100x8000000000000000525335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce82ea2d48a428ec2021-12-21 11:23:43.194root 11241100x8000000000000000525336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541076c5c718c9eb2021-12-21 11:23:43.194root 11241100x8000000000000000525337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc766aa235f40f812021-12-21 11:23:43.194root 11241100x8000000000000000525338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8ff9b64386a1272021-12-21 11:23:43.194root 11241100x8000000000000000525339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b88ffb8b10888822021-12-21 11:23:43.194root 11241100x8000000000000000525340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30c19a83d78e7522021-12-21 11:23:43.194root 11241100x8000000000000000525341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f01597745e28df2021-12-21 11:23:43.194root 11241100x8000000000000000525342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a047591d3a7d53c2021-12-21 11:23:43.194root 11241100x8000000000000000525343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18104b4c1938ce62021-12-21 11:23:43.195root 11241100x8000000000000000525344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30164f4eeafb922a2021-12-21 11:23:43.195root 11241100x8000000000000000525345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafae91c084e341b2021-12-21 11:23:43.195root 11241100x8000000000000000525346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3638a03beca1316d2021-12-21 11:23:43.195root 11241100x8000000000000000525347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d6ad9ef8a6f0672021-12-21 11:23:43.195root 11241100x8000000000000000525348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8b71821ea5ab412021-12-21 11:23:43.196root 11241100x8000000000000000525349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd73ac5debc7ace2021-12-21 11:23:43.196root 11241100x8000000000000000525350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bb03d8c26715692021-12-21 11:23:43.197root 11241100x8000000000000000525351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79721a682071c7b22021-12-21 11:23:43.197root 11241100x8000000000000000525352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c8d4f9534d1e5a2021-12-21 11:23:43.197root 11241100x8000000000000000525353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c64fe17b3204f1f2021-12-21 11:23:43.197root 11241100x8000000000000000525354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ff0d9b4f4ee24b2021-12-21 11:23:43.197root 11241100x8000000000000000525355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf73ed3d7b393582021-12-21 11:23:43.197root 11241100x8000000000000000525356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f840e76d3884632021-12-21 11:23:43.198root 11241100x8000000000000000525357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053aee9ca079384e2021-12-21 11:23:43.198root 11241100x8000000000000000525358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb8e25476179812021-12-21 11:23:43.693root 11241100x8000000000000000525359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa024f1c92cec522021-12-21 11:23:43.693root 11241100x8000000000000000525360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c814f602de7fc972021-12-21 11:23:43.694root 11241100x8000000000000000525361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f201bf3764879902021-12-21 11:23:43.694root 11241100x8000000000000000525362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe20df0f9fadcb862021-12-21 11:23:43.694root 11241100x8000000000000000525363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc2a7f0bb6800b82021-12-21 11:23:43.694root 11241100x8000000000000000525364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caba02dc38bf8612021-12-21 11:23:43.695root 11241100x8000000000000000525365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5529dea54a013e122021-12-21 11:23:43.695root 11241100x8000000000000000525366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065d9d0cddba50ed2021-12-21 11:23:43.695root 11241100x8000000000000000525367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c285c965fb02032021-12-21 11:23:43.695root 11241100x8000000000000000525368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2fb9c927431d2c2021-12-21 11:23:43.695root 11241100x8000000000000000525369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00920dbb52193a452021-12-21 11:23:43.695root 11241100x8000000000000000525370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abdf23e03ff46782021-12-21 11:23:43.695root 11241100x8000000000000000525371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d673b5742cf41df2021-12-21 11:23:43.696root 11241100x8000000000000000525372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff91c9a30c65af802021-12-21 11:23:43.696root 11241100x8000000000000000525373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853435a306e1e32d2021-12-21 11:23:43.696root 11241100x8000000000000000525374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7137ee70e6e4bef2021-12-21 11:23:43.696root 11241100x8000000000000000525375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061a4ef8d3e770a42021-12-21 11:23:43.696root 11241100x8000000000000000525376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fee93cf8d7bf4c2021-12-21 11:23:43.696root 11241100x8000000000000000525377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e180ed9a999bd2452021-12-21 11:23:43.696root 11241100x8000000000000000525378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954a2ec8e97879e92021-12-21 11:23:43.697root 11241100x8000000000000000525379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921f2868d5dc39562021-12-21 11:23:43.697root 11241100x8000000000000000525380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775572dcd9ee1e3b2021-12-21 11:23:43.697root 11241100x8000000000000000525381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde33c14c4ff1742021-12-21 11:23:43.697root 11241100x8000000000000000525382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0a5a3002bd40532021-12-21 11:23:43.697root 354300x8000000000000000525383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.062{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48476-false10.0.1.12-8000- 11241100x8000000000000000525384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffff60ab70004562021-12-21 11:23:44.063root 11241100x8000000000000000525385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a777e32e20497752021-12-21 11:23:44.063root 11241100x8000000000000000525386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4bb4ea554a9eb52021-12-21 11:23:44.064root 11241100x8000000000000000525387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a94f855500009d52021-12-21 11:23:44.064root 11241100x8000000000000000525388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0f70269c13bd252021-12-21 11:23:44.064root 11241100x8000000000000000525389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099bd6257e5c13c12021-12-21 11:23:44.064root 11241100x8000000000000000525390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d1e6fa6dbfc4ec2021-12-21 11:23:44.064root 11241100x8000000000000000525391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd817c6e9ec6e8a52021-12-21 11:23:44.064root 11241100x8000000000000000525392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc84e44f62e19b92021-12-21 11:23:44.065root 11241100x8000000000000000525393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea84c66b73878ad2021-12-21 11:23:44.065root 11241100x8000000000000000525394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8d89efec5da5282021-12-21 11:23:44.065root 11241100x8000000000000000525395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526011c67326281e2021-12-21 11:23:44.065root 11241100x8000000000000000525396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dfee59e269897c2021-12-21 11:23:44.065root 11241100x8000000000000000525397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f5d6b1ab6ec7572021-12-21 11:23:44.065root 11241100x8000000000000000525398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf46ad3146c1d7bf2021-12-21 11:23:44.065root 11241100x8000000000000000525399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.066{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6132d83a3b2b6c412021-12-21 11:23:44.066root 11241100x8000000000000000525400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.066{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf71ee5c0cd938a62021-12-21 11:23:44.066root 11241100x8000000000000000525401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eae36754c2b4a92021-12-21 11:23:44.067root 11241100x8000000000000000525402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eeaa124c2cd80c2021-12-21 11:23:44.067root 11241100x8000000000000000525403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4613d82e3fc907482021-12-21 11:23:44.067root 11241100x8000000000000000525404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf194310b407f6b02021-12-21 11:23:44.067root 11241100x8000000000000000525405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1338cc89f79661902021-12-21 11:23:44.067root 11241100x8000000000000000525406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6575491b6b39d2021-12-21 11:23:44.067root 11241100x8000000000000000525407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.067{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dc5c9404221d0f2021-12-21 11:23:44.067root 11241100x8000000000000000525408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3855193ab28884452021-12-21 11:23:44.068root 11241100x8000000000000000525409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cab152bb308b2f22021-12-21 11:23:44.068root 11241100x8000000000000000525410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090e12d937b01cb82021-12-21 11:23:44.068root 11241100x8000000000000000525411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3104f86a9254fad32021-12-21 11:23:44.068root 11241100x8000000000000000525412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03534f12e1ff84412021-12-21 11:23:44.068root 11241100x8000000000000000525413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac620032f93731742021-12-21 11:23:44.068root 11241100x8000000000000000525414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55849248db71aa062021-12-21 11:23:44.068root 11241100x8000000000000000525415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce8d6164000192c2021-12-21 11:23:44.068root 11241100x8000000000000000525416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d15afdaaff79e2021-12-21 11:23:44.068root 11241100x8000000000000000525417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70727db81260dd52021-12-21 11:23:44.068root 11241100x8000000000000000525418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276ad60744e49b222021-12-21 11:23:44.068root 11241100x8000000000000000525419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544a3daea9ae6bf12021-12-21 11:23:44.443root 11241100x8000000000000000525420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37cf90c7c2166fa2021-12-21 11:23:44.443root 11241100x8000000000000000525421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167bd80f1577955c2021-12-21 11:23:44.443root 11241100x8000000000000000525422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dfafbd314b65f82021-12-21 11:23:44.443root 11241100x8000000000000000525423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2c31ed20c47f6b2021-12-21 11:23:44.443root 11241100x8000000000000000525424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176940399bf6440c2021-12-21 11:23:44.443root 11241100x8000000000000000525425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b212ec7426d29f02021-12-21 11:23:44.443root 11241100x8000000000000000525426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9264e4f6fe8ce5af2021-12-21 11:23:44.444root 11241100x8000000000000000525427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81315b2fa7fc9f022021-12-21 11:23:44.444root 11241100x8000000000000000525428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e5ceb4aa8ac6da2021-12-21 11:23:44.444root 11241100x8000000000000000525429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12618edb2567f1b2021-12-21 11:23:44.444root 11241100x8000000000000000525430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd487bbd5d55bc182021-12-21 11:23:44.444root 11241100x8000000000000000525431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ced8c592cfc9522021-12-21 11:23:44.444root 11241100x8000000000000000525432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d248c6e4851b79f2021-12-21 11:23:44.444root 11241100x8000000000000000525433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cb8e3a90d32b7c2021-12-21 11:23:44.444root 11241100x8000000000000000525434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05516d85bf13a912021-12-21 11:23:44.445root 11241100x8000000000000000525435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df47ba56bfbdac32021-12-21 11:23:44.445root 11241100x8000000000000000525436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e52438ff57188c42021-12-21 11:23:44.445root 11241100x8000000000000000525437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d327fa3925c3342021-12-21 11:23:44.445root 11241100x8000000000000000525438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93524ff8217c0eae2021-12-21 11:23:44.445root 11241100x8000000000000000525439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633864965912ba712021-12-21 11:23:44.445root 11241100x8000000000000000525440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f72fc4aff34e6152021-12-21 11:23:44.445root 11241100x8000000000000000525441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf9ee58a014e5532021-12-21 11:23:44.445root 11241100x8000000000000000525442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ded7f55b60261232021-12-21 11:23:44.445root 11241100x8000000000000000525443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed2479f4851a182021-12-21 11:23:44.445root 11241100x8000000000000000525444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579272c9c4294322021-12-21 11:23:44.445root 11241100x8000000000000000525445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863d8639422bba9b2021-12-21 11:23:44.445root 11241100x8000000000000000525446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b166ce82fd2b342021-12-21 11:23:44.445root 11241100x8000000000000000525447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bddca7924309402021-12-21 11:23:44.943root 11241100x8000000000000000525448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dea9e2c88fc92e82021-12-21 11:23:44.943root 11241100x8000000000000000525449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333be936744277852021-12-21 11:23:44.943root 11241100x8000000000000000525450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83d05882d4c2abe2021-12-21 11:23:44.944root 11241100x8000000000000000525451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140895d2e42107572021-12-21 11:23:44.944root 11241100x8000000000000000525452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d4bff6f0517ebd2021-12-21 11:23:44.944root 11241100x8000000000000000525453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9964886fc9e7f4de2021-12-21 11:23:44.944root 11241100x8000000000000000525454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acabc57b8ec38b3a2021-12-21 11:23:44.944root 11241100x8000000000000000525455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8d400ea5b43ac22021-12-21 11:23:44.944root 11241100x8000000000000000525456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5de2c6a4fb16432021-12-21 11:23:44.944root 11241100x8000000000000000525457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35bbac412566a6b2021-12-21 11:23:44.944root 11241100x8000000000000000525458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b0833b1c03b9532021-12-21 11:23:44.945root 354300x8000000000000000525485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:50.040{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48478-false10.0.1.12-8000- 11241100x8000000000000000525486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3cca86a0a97a722021-12-21 11:23:50.442root 11241100x8000000000000000525487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f399c0f06231032021-12-21 11:23:50.942root 11241100x8000000000000000525488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:51.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cb641dcb37f48e2021-12-21 11:23:51.442root 11241100x8000000000000000525489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:51.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7410ca9ebf824cd42021-12-21 11:23:51.942root 11241100x8000000000000000525490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f738b5f8265efe8a2021-12-21 11:23:52.442root 11241100x8000000000000000525491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:52.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009ae01fdc8523402021-12-21 11:23:52.942root 11241100x8000000000000000525492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21750ca6afd980f72021-12-21 11:23:53.442root 11241100x8000000000000000525493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:53.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15ab994c07683022021-12-21 11:23:53.942root 11241100x8000000000000000525494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:54.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd50525f25cc8972021-12-21 11:23:54.442root 11241100x8000000000000000525495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8c44b06ba929152021-12-21 11:23:54.942root 354300x8000000000000000525496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48480-false10.0.1.12-8000- 11241100x8000000000000000525497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c3f94e864e46bc2021-12-21 11:23:55.442root 11241100x8000000000000000525498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8480053ef101152021-12-21 11:23:55.442root 11241100x8000000000000000525499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500e462255652b62021-12-21 11:23:55.942root 11241100x8000000000000000525500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104698cb7ed0a20b2021-12-21 11:23:55.943root 11241100x8000000000000000525501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:56.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e755223459db41182021-12-21 11:23:56.442root 11241100x8000000000000000525502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36c4baa2be93412021-12-21 11:23:56.443root 11241100x8000000000000000525503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc60094a88f8392021-12-21 11:23:56.942root 11241100x8000000000000000525504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec4f657460a8ef02021-12-21 11:23:56.943root 11241100x8000000000000000525505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63649f19fcb4da82021-12-21 11:23:57.442root 11241100x8000000000000000525506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd212e1cd5875ecf2021-12-21 11:23:57.443root 11241100x8000000000000000525507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:57.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212ff5635bc498452021-12-21 11:23:57.942root 11241100x8000000000000000525508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ddb33c816472282021-12-21 11:23:57.943root 11241100x8000000000000000525509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add133914682763d2021-12-21 11:23:58.442root 11241100x8000000000000000525510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:58.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecd4a180ca889aa2021-12-21 11:23:58.442root 11241100x8000000000000000525511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:58.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848aeff1c17e7eca2021-12-21 11:23:58.942root 11241100x8000000000000000525512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b65dbb5897ecd62021-12-21 11:23:58.943root 11241100x8000000000000000525513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:59.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855bc40450b9465e2021-12-21 11:23:59.442root 11241100x8000000000000000525514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a916af5e99d45d2021-12-21 11:23:59.443root 11241100x8000000000000000525515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9197706b01f8b522021-12-21 11:23:59.942root 11241100x8000000000000000525516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:23:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40b2b2c8b0a59202021-12-21 11:23:59.943root 11241100x8000000000000000525517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:00.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7f5842aac6f3b2021-12-21 11:24:00.442root 11241100x8000000000000000525518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689b251e9a6f5b642021-12-21 11:24:00.443root 11241100x8000000000000000525519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff0096ea71d97f12021-12-21 11:24:00.942root 11241100x8000000000000000525520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81e884e05696cbe2021-12-21 11:24:00.942root 354300x8000000000000000525521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.048{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48482-false10.0.1.12-8000- 11241100x8000000000000000525522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a300efed4feffc642021-12-21 11:24:01.442root 11241100x8000000000000000525523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc277b4a51339b952021-12-21 11:24:01.443root 11241100x8000000000000000525524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d194cd15ec720672021-12-21 11:24:01.443root 11241100x8000000000000000525525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9834cd11b4451f82021-12-21 11:24:01.942root 11241100x8000000000000000525526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1387b8e4514f128a2021-12-21 11:24:01.943root 11241100x8000000000000000525527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ed92bd83ac3bd22021-12-21 11:24:01.943root 11241100x8000000000000000525528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a64ab24a10346f2021-12-21 11:24:02.442root 11241100x8000000000000000525529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a31a8c3ac1744b42021-12-21 11:24:02.443root 11241100x8000000000000000525530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdea7a1a77cf33d32021-12-21 11:24:02.443root 11241100x8000000000000000525531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d4c320b941892a2021-12-21 11:24:02.942root 11241100x8000000000000000525532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8710443d0ead64c2021-12-21 11:24:02.943root 11241100x8000000000000000525533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4e8ca71de4cba92021-12-21 11:24:02.943root 11241100x8000000000000000525534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e04a6c2212859d2021-12-21 11:24:03.442root 11241100x8000000000000000525535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd33967e5e57c192021-12-21 11:24:03.443root 11241100x8000000000000000525536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63166d3052eca152021-12-21 11:24:03.443root 11241100x8000000000000000525537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb84f62c28b0ba052021-12-21 11:24:03.942root 11241100x8000000000000000525538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50913fcc9ccd71902021-12-21 11:24:03.943root 11241100x8000000000000000525539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4a8a43c93e845e2021-12-21 11:24:03.943root 11241100x8000000000000000525540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6e9a4ad8ece4bc2021-12-21 11:24:04.442root 11241100x8000000000000000525541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebf9ea4cc389ad22021-12-21 11:24:04.443root 11241100x8000000000000000525542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61752d1fbdc2bbd2021-12-21 11:24:04.443root 11241100x8000000000000000525543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb29b7871663cd2021-12-21 11:24:04.942root 11241100x8000000000000000525544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90673e65618021282021-12-21 11:24:04.943root 11241100x8000000000000000525545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96109b0d658a11a32021-12-21 11:24:04.943root 11241100x8000000000000000525546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3153cdc79799f52021-12-21 11:24:05.442root 11241100x8000000000000000525547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f62e366eca2f5d2021-12-21 11:24:05.443root 11241100x8000000000000000525548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57785b2fdad6c9642021-12-21 11:24:05.443root 11241100x8000000000000000525549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761b46edbd3acd1f2021-12-21 11:24:05.942root 11241100x8000000000000000525550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653a1921760008842021-12-21 11:24:05.943root 11241100x8000000000000000525551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97a56b912d80a9f2021-12-21 11:24:05.943root 354300x8000000000000000525552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48484-false10.0.1.12-8000- 11241100x8000000000000000525553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:24:06.329root 11241100x8000000000000000525554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4aee47192db20f2021-12-21 11:24:06.330root 11241100x8000000000000000525555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d394ac896a3d24842021-12-21 11:24:06.330root 11241100x8000000000000000525556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a0de6ac9620d9a2021-12-21 11:24:06.330root 11241100x8000000000000000525557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06974efc251025212021-12-21 11:24:06.330root 11241100x8000000000000000525558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dfeb8c4eb6b88d2021-12-21 11:24:06.693root 11241100x8000000000000000525559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939ec2bfdc31baae2021-12-21 11:24:06.693root 11241100x8000000000000000525560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f4d246e10bd70c2021-12-21 11:24:06.693root 11241100x8000000000000000525561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f011878f65fca02021-12-21 11:24:06.693root 11241100x8000000000000000525562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9786ccd9fb312b2021-12-21 11:24:06.693root 11241100x8000000000000000525563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c542e736e94f81e72021-12-21 11:24:07.193root 11241100x8000000000000000525564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abc6c9a65371fa32021-12-21 11:24:07.193root 11241100x8000000000000000525565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0df77be0087cb5d2021-12-21 11:24:07.193root 11241100x8000000000000000525566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d320c1e44bd48b522021-12-21 11:24:07.193root 11241100x8000000000000000525567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9528dd2cdd91c2021-12-21 11:24:07.193root 11241100x8000000000000000525568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc7781c50cc1b392021-12-21 11:24:07.692root 11241100x8000000000000000525569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28690bd3c4f801c52021-12-21 11:24:07.693root 11241100x8000000000000000525570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec20b698da6e2902021-12-21 11:24:07.693root 11241100x8000000000000000525571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e748617617fcea5e2021-12-21 11:24:07.693root 11241100x8000000000000000525572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b6189a32f0d9af2021-12-21 11:24:07.693root 11241100x8000000000000000525573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965c44ecb1de7a902021-12-21 11:24:08.193root 11241100x8000000000000000525574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2b0b861c2dbbe92021-12-21 11:24:08.193root 11241100x8000000000000000525575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2923b729507db92021-12-21 11:24:08.193root 11241100x8000000000000000525576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f420940d3c0fac7e2021-12-21 11:24:08.193root 11241100x8000000000000000525577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c181dd01533042a2021-12-21 11:24:08.193root 11241100x8000000000000000525578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8150d370544fa1572021-12-21 11:24:08.693root 11241100x8000000000000000525579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e364d4290ed29ad62021-12-21 11:24:08.693root 11241100x8000000000000000525580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc5d28e6fa98d2a2021-12-21 11:24:08.693root 11241100x8000000000000000525581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e67519d40181fc2021-12-21 11:24:08.693root 11241100x8000000000000000525582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b820267bed010202021-12-21 11:24:08.693root 11241100x8000000000000000525583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca5fc4a6f91c7eb2021-12-21 11:24:09.193root 11241100x8000000000000000525584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f4b1ea8faf8b0c2021-12-21 11:24:09.193root 11241100x8000000000000000525585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a388a3910da062021-12-21 11:24:09.193root 11241100x8000000000000000525586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992d5695431ca1d22021-12-21 11:24:09.193root 11241100x8000000000000000525587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03e833f554dca302021-12-21 11:24:09.193root 23542300x8000000000000000525588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.330{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000525589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe6352968cd43672021-12-21 11:24:09.693root 11241100x8000000000000000525590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce212adcb24eed3a2021-12-21 11:24:09.693root 11241100x8000000000000000525591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d8f609cf9df5562021-12-21 11:24:09.693root 11241100x8000000000000000525592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569b9cfbd7025a922021-12-21 11:24:09.693root 11241100x8000000000000000525593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a096b8f4c5dcadda2021-12-21 11:24:09.693root 11241100x8000000000000000525594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73309776fa6ed85d2021-12-21 11:24:09.693root 11241100x8000000000000000525595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3501073bc63a0062021-12-21 11:24:10.193root 11241100x8000000000000000525596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b448f8222ba45d2021-12-21 11:24:10.193root 11241100x8000000000000000525597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa80ce6600920d322021-12-21 11:24:10.193root 11241100x8000000000000000525598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea8a7e6095ac1342021-12-21 11:24:10.193root 11241100x8000000000000000525599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df321a073d7fa092021-12-21 11:24:10.193root 11241100x8000000000000000525600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cf120408e6666f2021-12-21 11:24:10.193root 11241100x8000000000000000525601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a5bf62b61a56fd2021-12-21 11:24:10.693root 11241100x8000000000000000525602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fec4852982722c52021-12-21 11:24:10.693root 11241100x8000000000000000525603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b83aa6d53708d1b2021-12-21 11:24:10.693root 11241100x8000000000000000525604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dc9fec80bb02062021-12-21 11:24:10.693root 11241100x8000000000000000525605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26f8d6548b235cd2021-12-21 11:24:10.693root 11241100x8000000000000000525606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b6ee24ffd578992021-12-21 11:24:10.693root 11241100x8000000000000000525607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236dc945587892602021-12-21 11:24:11.193root 11241100x8000000000000000525608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e21e4676b6bcd2021-12-21 11:24:11.193root 11241100x8000000000000000525609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578f38e05750add72021-12-21 11:24:11.193root 11241100x8000000000000000525610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aed6f4e1386619f2021-12-21 11:24:11.193root 11241100x8000000000000000525611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2fa87e7facff5c2021-12-21 11:24:11.193root 11241100x8000000000000000525612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5174000a9a7b8eb2021-12-21 11:24:11.193root 11241100x8000000000000000525613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1983abd22b7e3f0d2021-12-21 11:24:11.693root 11241100x8000000000000000525614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55665c4bcb7b0d182021-12-21 11:24:11.693root 11241100x8000000000000000525615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95269fad4dcbb1f92021-12-21 11:24:11.694root 11241100x8000000000000000525616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af898d61717fb28a2021-12-21 11:24:11.694root 11241100x8000000000000000525617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac630ec1b68b37f2021-12-21 11:24:11.694root 11241100x8000000000000000525618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdca72881e5508802021-12-21 11:24:11.694root 354300x8000000000000000525619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.090{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48486-false10.0.1.12-8000- 11241100x8000000000000000525620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc56fc18990fcfc02021-12-21 11:24:12.090root 11241100x8000000000000000525621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f31ff91289bbe6c2021-12-21 11:24:12.091root 11241100x8000000000000000525622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98f465d47831ed2021-12-21 11:24:12.091root 11241100x8000000000000000525623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8703e12375634f2021-12-21 11:24:12.091root 11241100x8000000000000000525624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460dff6eb578de3a2021-12-21 11:24:12.091root 11241100x8000000000000000525625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d563de50b95462021-12-21 11:24:12.091root 11241100x8000000000000000525626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b9b98f18d163af2021-12-21 11:24:12.091root 11241100x8000000000000000525627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93463bd3bad4cb42021-12-21 11:24:12.442root 11241100x8000000000000000525628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cd2b00fcfca8052021-12-21 11:24:12.443root 11241100x8000000000000000525629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a72c35c0fc9c85c2021-12-21 11:24:12.443root 11241100x8000000000000000525630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4328ae30a9595dc2021-12-21 11:24:12.443root 11241100x8000000000000000525631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a736ed50bbba80a2021-12-21 11:24:12.444root 11241100x8000000000000000525632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9623863b81c72f8f2021-12-21 11:24:12.444root 11241100x8000000000000000525633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cff60f0fba16cf2021-12-21 11:24:12.444root 154100x8000000000000000525634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.860{ec2b6afe-b95c-61c1-6864-ada4b9550000}9862/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000525635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.861{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ceb20b2ff96452021-12-21 11:24:12.861root 11241100x8000000000000000525636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.861{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a226e0b405dd46972021-12-21 11:24:12.861root 11241100x8000000000000000525637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.861{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792c03d1cc98bb92021-12-21 11:24:12.861root 11241100x8000000000000000525638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.861{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1c8c4d84d3a3c22021-12-21 11:24:12.861root 11241100x8000000000000000525639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.862{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6530613ff2ac1e12021-12-21 11:24:12.862root 11241100x8000000000000000525640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.862{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a9402b2c6f81e12021-12-21 11:24:12.862root 11241100x8000000000000000525641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.862{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4abd8c5e741fa892021-12-21 11:24:12.862root 11241100x8000000000000000525642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.862{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd0184b4551a5f02021-12-21 11:24:12.862root 534500x8000000000000000525643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:12.872{ec2b6afe-b95c-61c1-6864-ada4b9550000}9862/bin/psroot 11241100x8000000000000000525644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a2cd93007567462021-12-21 11:24:13.193root 11241100x8000000000000000525645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f1ad39f8abd312021-12-21 11:24:13.193root 11241100x8000000000000000525646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07fbbd3f98a6dc92021-12-21 11:24:13.193root 11241100x8000000000000000525647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dcdb1aa37c80762021-12-21 11:24:13.193root 11241100x8000000000000000525648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8810aff5a3c44c6d2021-12-21 11:24:13.193root 11241100x8000000000000000525649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34e28d3ed7410f2021-12-21 11:24:13.193root 11241100x8000000000000000525650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4ac8e9abc35f082021-12-21 11:24:13.193root 11241100x8000000000000000525651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36902feb2e60fdc92021-12-21 11:24:13.193root 11241100x8000000000000000525652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308a82424ebb001f2021-12-21 11:24:13.193root 11241100x8000000000000000525653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d2407a2010e4bc2021-12-21 11:24:13.693root 11241100x8000000000000000525654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e288693c2c7a48132021-12-21 11:24:13.693root 11241100x8000000000000000525655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e24087078972242021-12-21 11:24:13.693root 11241100x8000000000000000525656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecdf61f57a592512021-12-21 11:24:13.693root 11241100x8000000000000000525657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b2a984e98122932021-12-21 11:24:13.693root 11241100x8000000000000000525658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51df45ef393be9112021-12-21 11:24:13.694root 11241100x8000000000000000525659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41dc0713dd4b3e42021-12-21 11:24:13.694root 11241100x8000000000000000525660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a73b3329d5111c92021-12-21 11:24:13.694root 11241100x8000000000000000525661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95401f3885ef6792021-12-21 11:24:13.694root 11241100x8000000000000000525662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57468bcb3888643b2021-12-21 11:24:14.193root 11241100x8000000000000000525663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b86ee77872006ca2021-12-21 11:24:14.193root 11241100x8000000000000000525664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84bc1da26224cc62021-12-21 11:24:14.193root 11241100x8000000000000000525665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98d3c59130f71612021-12-21 11:24:14.193root 11241100x8000000000000000525666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bd9d99402cffb42021-12-21 11:24:14.193root 11241100x8000000000000000525667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f7de064b296ec52021-12-21 11:24:14.193root 11241100x8000000000000000525668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c0175777416bc82021-12-21 11:24:14.193root 11241100x8000000000000000525669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5709ab9f80f8aba22021-12-21 11:24:14.193root 11241100x8000000000000000525670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60d816f6385f08e2021-12-21 11:24:14.194root 11241100x8000000000000000525671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500540f6acf26b5c2021-12-21 11:24:14.693root 11241100x8000000000000000525672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27137b05720459052021-12-21 11:24:14.693root 11241100x8000000000000000525673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb42853ddf6748a62021-12-21 11:24:14.693root 11241100x8000000000000000525674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7451d73779a5db2021-12-21 11:24:14.693root 11241100x8000000000000000525675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1a6641037405cb2021-12-21 11:24:14.693root 11241100x8000000000000000525676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d384fe639d21bfc2021-12-21 11:24:14.693root 11241100x8000000000000000525677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b358aef3365d3f2021-12-21 11:24:14.693root 11241100x8000000000000000525678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d715a5f46d2e882021-12-21 11:24:14.693root 11241100x8000000000000000525679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa8d417ae37fdf02021-12-21 11:24:14.693root 11241100x8000000000000000525680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9252913526f6637b2021-12-21 11:24:15.193root 11241100x8000000000000000525681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe97b1d23e13fb22021-12-21 11:24:15.193root 11241100x8000000000000000525682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e8142a1de0d73d2021-12-21 11:24:15.193root 11241100x8000000000000000525683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014eac2c5c929b32021-12-21 11:24:15.193root 11241100x8000000000000000525684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23bef39e79040582021-12-21 11:24:15.193root 11241100x8000000000000000525685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e422b4e7a919b702021-12-21 11:24:15.193root 11241100x8000000000000000525686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2e970fd2ca70d02021-12-21 11:24:15.193root 11241100x8000000000000000525687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2964c9dd8485f22021-12-21 11:24:15.193root 11241100x8000000000000000525688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d142df8e2f7f1352021-12-21 11:24:15.194root 11241100x8000000000000000525689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ceaac8a4afc4562021-12-21 11:24:15.693root 11241100x8000000000000000525690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03139615bdbc015d2021-12-21 11:24:15.693root 11241100x8000000000000000525691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b116866a97098b292021-12-21 11:24:15.693root 11241100x8000000000000000525692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf49d2dacbdd7c92021-12-21 11:24:15.693root 11241100x8000000000000000525693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c225860d7c68a4292021-12-21 11:24:15.693root 11241100x8000000000000000525694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5201df622474c42021-12-21 11:24:15.693root 11241100x8000000000000000525695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4292c23d86a14f2021-12-21 11:24:15.693root 11241100x8000000000000000525696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ec7d99aec35b1c2021-12-21 11:24:15.693root 11241100x8000000000000000525697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18f85e5b42449bc2021-12-21 11:24:15.693root 11241100x8000000000000000525698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be39b06d7390f6d42021-12-21 11:24:16.193root 11241100x8000000000000000525699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373657f09d7c559e2021-12-21 11:24:16.193root 11241100x8000000000000000525700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bc43e77c1d9fc72021-12-21 11:24:16.193root 11241100x8000000000000000525701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81abdaddc0e809262021-12-21 11:24:16.193root 11241100x8000000000000000525702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a2f96cf704b98e2021-12-21 11:24:16.193root 11241100x8000000000000000525703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ea88dfd33520ba2021-12-21 11:24:16.193root 11241100x8000000000000000525704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec47af70f7fed5202021-12-21 11:24:16.194root 11241100x8000000000000000525705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d71cc929bc5c5f82021-12-21 11:24:16.194root 11241100x8000000000000000525706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcc1c606878824d2021-12-21 11:24:16.194root 11241100x8000000000000000525707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8929c767f28f65de2021-12-21 11:24:16.693root 11241100x8000000000000000525708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7e0c98a24b6c422021-12-21 11:24:16.693root 11241100x8000000000000000525709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2349c5e7368285ea2021-12-21 11:24:16.693root 11241100x8000000000000000525710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1a04c41f4a78352021-12-21 11:24:16.693root 11241100x8000000000000000525711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3301c2d994c8c0a92021-12-21 11:24:16.693root 11241100x8000000000000000525712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717873d5856750982021-12-21 11:24:16.693root 11241100x8000000000000000525713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6c5d30002f0d822021-12-21 11:24:16.693root 11241100x8000000000000000525714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c9cfe0848c76db2021-12-21 11:24:16.694root 11241100x8000000000000000525715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e12aedcfb963de2021-12-21 11:24:16.694root 11241100x8000000000000000525716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1772c90319cb4c062021-12-21 11:24:17.193root 11241100x8000000000000000525717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ab9f9c4b3774a72021-12-21 11:24:17.193root 11241100x8000000000000000525718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206724e59b0deb0f2021-12-21 11:24:17.193root 11241100x8000000000000000525719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dcf0e08c8253fa2021-12-21 11:24:17.193root 11241100x8000000000000000525720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37eb0964cb05dbd2021-12-21 11:24:17.193root 11241100x8000000000000000525721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b101958fd3ed1942021-12-21 11:24:17.193root 11241100x8000000000000000525722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eae675876075ec2021-12-21 11:24:17.194root 11241100x8000000000000000525723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2ff8c629d179132021-12-21 11:24:17.194root 11241100x8000000000000000525724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2a3c5fcb0959942021-12-21 11:24:17.194root 11241100x8000000000000000525725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c641e3161f507a52021-12-21 11:24:17.693root 11241100x8000000000000000525726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f700e8f25c4ad02021-12-21 11:24:17.693root 11241100x8000000000000000525727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d693ace8a5e5202021-12-21 11:24:17.693root 11241100x8000000000000000525728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ab7c981602bed42021-12-21 11:24:17.693root 11241100x8000000000000000525729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2682005f2c2ae9562021-12-21 11:24:17.693root 11241100x8000000000000000525730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25020a6906d258322021-12-21 11:24:17.693root 11241100x8000000000000000525731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c80987c666348a2021-12-21 11:24:17.694root 11241100x8000000000000000525732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753d2582e2b01f782021-12-21 11:24:17.694root 11241100x8000000000000000525733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a876c38e88c2a42021-12-21 11:24:17.694root 354300x8000000000000000525734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.024{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48488-false10.0.1.12-8000- 11241100x8000000000000000525735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a63016efbbff6722021-12-21 11:24:18.025root 11241100x8000000000000000525736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27134d043e363b292021-12-21 11:24:18.026root 11241100x8000000000000000525737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed237f4500c2f8d52021-12-21 11:24:18.026root 11241100x8000000000000000525738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eb126cf6e05a862021-12-21 11:24:18.026root 11241100x8000000000000000525739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b474be1408c6dd7b2021-12-21 11:24:18.026root 11241100x8000000000000000525740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f953c05305d36a822021-12-21 11:24:18.026root 11241100x8000000000000000525741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc8ea8694d882682021-12-21 11:24:18.026root 11241100x8000000000000000525742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cea81b6583265b2021-12-21 11:24:18.026root 11241100x8000000000000000525743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3ab2e4ce7800f32021-12-21 11:24:18.026root 11241100x8000000000000000525744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af94e8975c372f812021-12-21 11:24:18.026root 11241100x8000000000000000525745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80afad5d5ec7a892021-12-21 11:24:18.026root 11241100x8000000000000000525746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99534c39b30968bb2021-12-21 11:24:18.443root 11241100x8000000000000000525747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8914ff2b4ea702d72021-12-21 11:24:18.443root 11241100x8000000000000000525748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965d3c6d611b1c0a2021-12-21 11:24:18.444root 11241100x8000000000000000525749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e01ed5a921d8f42021-12-21 11:24:18.444root 11241100x8000000000000000525750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec52f463dffc5bbb2021-12-21 11:24:18.444root 11241100x8000000000000000525751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e8533de085905f2021-12-21 11:24:18.444root 11241100x8000000000000000525752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8cbb05ec611c232021-12-21 11:24:18.444root 11241100x8000000000000000525753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf46fb4c513a5f62021-12-21 11:24:18.444root 11241100x8000000000000000525754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db0787fa597b46f2021-12-21 11:24:18.444root 11241100x8000000000000000525755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b683004ba9397a2c2021-12-21 11:24:18.444root 11241100x8000000000000000525756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d66403971a73082021-12-21 11:24:18.943root 11241100x8000000000000000525757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7f4854008255a72021-12-21 11:24:18.943root 11241100x8000000000000000525758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b1d151e7e591c72021-12-21 11:24:18.943root 11241100x8000000000000000525759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdb4a01b0b364fc2021-12-21 11:24:18.943root 11241100x8000000000000000525760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3dc624c713e6d42021-12-21 11:24:18.943root 11241100x8000000000000000525761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa22e8c417dca242021-12-21 11:24:18.944root 11241100x8000000000000000525762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948077db054f6b1e2021-12-21 11:24:18.944root 11241100x8000000000000000525763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daad618c34e7f3b92021-12-21 11:24:18.944root 11241100x8000000000000000525764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ecad57d731d3e2021-12-21 11:24:18.944root 11241100x8000000000000000525765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf130bf54c7c48072021-12-21 11:24:18.944root 11241100x8000000000000000525766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6942ac9f6292432021-12-21 11:24:19.443root 11241100x8000000000000000525767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aaea4a8dfa6210f2021-12-21 11:24:19.443root 11241100x8000000000000000525768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686333781d0dd92b2021-12-21 11:24:19.443root 11241100x8000000000000000525769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4506181b3827802021-12-21 11:24:19.443root 11241100x8000000000000000525770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad81390f1d623a62021-12-21 11:24:19.443root 11241100x8000000000000000525771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f90724fcfa5ca62021-12-21 11:24:19.443root 11241100x8000000000000000525772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d359262e8b9a5b2021-12-21 11:24:19.443root 11241100x8000000000000000525773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8532827cffbc2db82021-12-21 11:24:19.443root 11241100x8000000000000000525774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f867d8610185cf1e2021-12-21 11:24:19.443root 11241100x8000000000000000525775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31832e8acb8c190d2021-12-21 11:24:19.444root 11241100x8000000000000000525776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17069ee8d125f142021-12-21 11:24:19.943root 11241100x8000000000000000525777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de6928af5b5af222021-12-21 11:24:19.943root 11241100x8000000000000000525778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48a704cc1fd1032021-12-21 11:24:19.943root 11241100x8000000000000000525779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370e463e6a1bef962021-12-21 11:24:19.943root 11241100x8000000000000000525780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c3f9f1c39fc02a2021-12-21 11:24:19.943root 11241100x8000000000000000525781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db5d5d1afb3a6242021-12-21 11:24:19.943root 11241100x8000000000000000525782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598e29a5aab18f0b2021-12-21 11:24:19.943root 11241100x8000000000000000525783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c1b5231e0c0cf22021-12-21 11:24:19.943root 11241100x8000000000000000525784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7f6656fae123332021-12-21 11:24:19.944root 11241100x8000000000000000525785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f52122b133c2eb2021-12-21 11:24:19.944root 11241100x8000000000000000525786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9005f7205cb75e2021-12-21 11:24:20.443root 11241100x8000000000000000525787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd434c715546e0812021-12-21 11:24:20.443root 11241100x8000000000000000525788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0afb68d3f43cec2021-12-21 11:24:20.443root 11241100x8000000000000000525789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efcf2ade6e771cc2021-12-21 11:24:20.443root 11241100x8000000000000000525790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be90119e8107ddcf2021-12-21 11:24:20.443root 11241100x8000000000000000525791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc39e3526e0e87f2021-12-21 11:24:20.443root 11241100x8000000000000000525792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6a8d92ebf0795e2021-12-21 11:24:20.443root 11241100x8000000000000000525793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5686406d55bcb5de2021-12-21 11:24:20.444root 11241100x8000000000000000525794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2450000b30729de12021-12-21 11:24:20.444root 11241100x8000000000000000525795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fc55936dbbb1e72021-12-21 11:24:20.444root 11241100x8000000000000000525796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceb5179d2a6bbdc2021-12-21 11:24:20.943root 11241100x8000000000000000525797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2226b2aec2f4f3292021-12-21 11:24:20.943root 11241100x8000000000000000525798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4176cf067a66c572021-12-21 11:24:20.943root 11241100x8000000000000000525799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba10d905d93c2cc72021-12-21 11:24:20.943root 11241100x8000000000000000525800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883a32da6e4562112021-12-21 11:24:20.943root 11241100x8000000000000000525801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9415f907ffcdf32021-12-21 11:24:20.943root 11241100x8000000000000000525802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d3a979a0c004ec2021-12-21 11:24:20.943root 11241100x8000000000000000525803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64687180a4f807772021-12-21 11:24:20.943root 11241100x8000000000000000525804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3ab6fe36f4c8482021-12-21 11:24:20.943root 11241100x8000000000000000525805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6694ef8c968a4012021-12-21 11:24:20.944root 11241100x8000000000000000525806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c20ef300d600d092021-12-21 11:24:21.443root 11241100x8000000000000000525807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f30cdff0204d782021-12-21 11:24:21.443root 11241100x8000000000000000525808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fb7cb707983ee12021-12-21 11:24:21.443root 11241100x8000000000000000525809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6112423445036ef32021-12-21 11:24:21.443root 11241100x8000000000000000525810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427baff77ca21e562021-12-21 11:24:21.443root 11241100x8000000000000000525811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a006a2b608a406072021-12-21 11:24:21.443root 11241100x8000000000000000525812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaca487323876ca2021-12-21 11:24:21.443root 11241100x8000000000000000525813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6898dde6a436835b2021-12-21 11:24:21.443root 11241100x8000000000000000525814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb612a68c3ca19a2021-12-21 11:24:21.444root 11241100x8000000000000000525815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d011c56a8a6162f2021-12-21 11:24:21.444root 11241100x8000000000000000525816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac0fe30a3cd82d92021-12-21 11:24:21.943root 11241100x8000000000000000525817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4272366fbb99cfb2021-12-21 11:24:21.943root 11241100x8000000000000000525818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4d2433d603dc6c2021-12-21 11:24:21.943root 11241100x8000000000000000525819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b54d8be1210da12021-12-21 11:24:21.943root 11241100x8000000000000000525820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bd34fdd3fc6cab2021-12-21 11:24:21.943root 11241100x8000000000000000525821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29460b9836dea132021-12-21 11:24:21.943root 11241100x8000000000000000525822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74f72240b72d9ed2021-12-21 11:24:21.943root 11241100x8000000000000000525823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a47435618efc30d2021-12-21 11:24:21.943root 11241100x8000000000000000525824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ce7050341f26b82021-12-21 11:24:21.944root 11241100x8000000000000000525825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5036cc64bb4d562021-12-21 11:24:21.944root 11241100x8000000000000000525826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc87659614c56ce02021-12-21 11:24:22.443root 11241100x8000000000000000525827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03002900f4ff8a822021-12-21 11:24:22.443root 11241100x8000000000000000525828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ce4b36ba8a759a2021-12-21 11:24:22.443root 11241100x8000000000000000525829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ed558eccfe9ce62021-12-21 11:24:22.443root 11241100x8000000000000000525830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2776789869d46a2021-12-21 11:24:22.443root 11241100x8000000000000000525831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31b72713d48fbc02021-12-21 11:24:22.443root 11241100x8000000000000000525832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bf196aea9fb8962021-12-21 11:24:22.444root 11241100x8000000000000000525833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54758691b97c912021-12-21 11:24:22.444root 11241100x8000000000000000525834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54de0ad38b28ae3a2021-12-21 11:24:22.444root 11241100x8000000000000000525835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8420579ec663477c2021-12-21 11:24:22.444root 11241100x8000000000000000525836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039e83df328743162021-12-21 11:24:22.943root 11241100x8000000000000000525837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb47959d9d7d20c2021-12-21 11:24:22.943root 11241100x8000000000000000525838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418292e84535a1322021-12-21 11:24:22.943root 11241100x8000000000000000525839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8396920f89c7a382021-12-21 11:24:22.943root 11241100x8000000000000000525840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc05c06cea79eb102021-12-21 11:24:22.943root 11241100x8000000000000000525841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5962a7b9b58608042021-12-21 11:24:22.943root 11241100x8000000000000000525842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4016125bc2a1b3e2021-12-21 11:24:22.944root 11241100x8000000000000000525843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14fa04fda47a3a32021-12-21 11:24:22.944root 11241100x8000000000000000525844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292c02e7b2d537e2021-12-21 11:24:22.944root 11241100x8000000000000000525845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3f4e1b541823df2021-12-21 11:24:22.944root 354300x8000000000000000525846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.095{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48490-false10.0.1.12-8000- 11241100x8000000000000000525847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c946fbda804b6252021-12-21 11:24:23.443root 11241100x8000000000000000525848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf4fcce27f964592021-12-21 11:24:23.443root 11241100x8000000000000000525849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d9ce1d186783ac2021-12-21 11:24:23.443root 11241100x8000000000000000525850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397762f2db2789682021-12-21 11:24:23.443root 11241100x8000000000000000525851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c6399adccdc29d2021-12-21 11:24:23.443root 11241100x8000000000000000525852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5553b7b4224705332021-12-21 11:24:23.443root 11241100x8000000000000000525853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c5f32b3205ec52021-12-21 11:24:23.443root 11241100x8000000000000000525854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d164bc31410ae02021-12-21 11:24:23.444root 11241100x8000000000000000525855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076321ab86b36d822021-12-21 11:24:23.444root 11241100x8000000000000000525856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af6a2a5a46520f02021-12-21 11:24:23.444root 11241100x8000000000000000525857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ce51f1788523612021-12-21 11:24:23.444root 11241100x8000000000000000525858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9261f72d6ea39d9d2021-12-21 11:24:23.943root 11241100x8000000000000000525859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab5db3de1066e3e2021-12-21 11:24:23.943root 11241100x8000000000000000525860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2361a879fb32f4922021-12-21 11:24:23.943root 11241100x8000000000000000525861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c63a0cb6319b6b2021-12-21 11:24:23.943root 11241100x8000000000000000525862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f6193b50177d4b2021-12-21 11:24:23.943root 11241100x8000000000000000525863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d537fc5a02deace22021-12-21 11:24:23.943root 11241100x8000000000000000525864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1370b1e9d6adcfb72021-12-21 11:24:23.943root 11241100x8000000000000000525865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d0b5bddeb5f4732021-12-21 11:24:23.943root 11241100x8000000000000000525866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bef8282251701932021-12-21 11:24:23.944root 11241100x8000000000000000525867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28f5f8a0a208a3c2021-12-21 11:24:23.944root 11241100x8000000000000000525868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05d6142f46c32462021-12-21 11:24:23.944root 11241100x8000000000000000525869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2a9464ac3595b32021-12-21 11:24:24.443root 11241100x8000000000000000525870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547ddaf61e0abd5d2021-12-21 11:24:24.443root 11241100x8000000000000000525871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825ef6b339e437e02021-12-21 11:24:24.443root 11241100x8000000000000000525872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fdbc1f53c623c02021-12-21 11:24:24.443root 11241100x8000000000000000525873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bebad006bcecd62021-12-21 11:24:24.443root 11241100x8000000000000000525874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfa68c5a2a767cc2021-12-21 11:24:24.443root 11241100x8000000000000000525875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47db414613d80ce2021-12-21 11:24:24.443root 11241100x8000000000000000525876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9336844322647e152021-12-21 11:24:24.443root 11241100x8000000000000000525877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6b88a2e4ea75f02021-12-21 11:24:24.443root 11241100x8000000000000000525878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4d692dc34c52a92021-12-21 11:24:24.444root 11241100x8000000000000000525879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8118f16f9f45ccfb2021-12-21 11:24:24.444root 11241100x8000000000000000525880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23d4086de5780022021-12-21 11:24:24.943root 11241100x8000000000000000525881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c8393319ef0e802021-12-21 11:24:24.943root 11241100x8000000000000000525882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7fcde42663c30b2021-12-21 11:24:24.943root 11241100x8000000000000000525883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a162f75ecf2f41f2021-12-21 11:24:24.943root 11241100x8000000000000000525884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f35945744db4a12021-12-21 11:24:24.943root 11241100x8000000000000000525885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cd018e0cb9fb202021-12-21 11:24:24.943root 11241100x8000000000000000525886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b395a2d082033812021-12-21 11:24:24.943root 11241100x8000000000000000525887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6433895babd4852021-12-21 11:24:24.943root 11241100x8000000000000000525888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541518cb779bd4c42021-12-21 11:24:24.943root 11241100x8000000000000000525889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb7d78861dec1842021-12-21 11:24:24.943root 11241100x8000000000000000525890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77d94c3a8370e7a2021-12-21 11:24:24.944root 11241100x8000000000000000525891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0eefb7dba9e6062021-12-21 11:24:25.443root 11241100x8000000000000000525892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b02da517f89847d2021-12-21 11:24:25.443root 11241100x8000000000000000525893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6134dd84b4e669792021-12-21 11:24:25.443root 11241100x8000000000000000525894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb627e3373cb416f2021-12-21 11:24:25.443root 11241100x8000000000000000525895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64404c99f3cdc072021-12-21 11:24:25.443root 11241100x8000000000000000525896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040952e9ce8f7cb2021-12-21 11:24:25.443root 11241100x8000000000000000525897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44692ad8ae96ba2021-12-21 11:24:25.443root 11241100x8000000000000000525898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea71c2038384b402021-12-21 11:24:25.443root 11241100x8000000000000000525899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568630ca2c61698f2021-12-21 11:24:25.444root 11241100x8000000000000000525900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecdc23bd9b60a742021-12-21 11:24:25.444root 11241100x8000000000000000525901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2aa508b7f5068c2021-12-21 11:24:25.444root 354300x8000000000000000525902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.444{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35556-false10.0.1.12-8089- 11241100x8000000000000000525903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eee62b9baddad192021-12-21 11:24:25.943root 11241100x8000000000000000525904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b0f8f4f39f379d2021-12-21 11:24:25.943root 11241100x8000000000000000525905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02500094bc051b202021-12-21 11:24:25.943root 11241100x8000000000000000525906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7b010115cf987d2021-12-21 11:24:25.943root 11241100x8000000000000000525907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a1790dc6909f2e2021-12-21 11:24:25.943root 11241100x8000000000000000525908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c552abc78ec363272021-12-21 11:24:25.943root 11241100x8000000000000000525909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d4e7c49b2a86d12021-12-21 11:24:25.943root 11241100x8000000000000000525910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52caffa090306c302021-12-21 11:24:25.943root 11241100x8000000000000000525911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ffd74c90906cad2021-12-21 11:24:25.944root 11241100x8000000000000000525912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b79de6f3221ef72021-12-21 11:24:25.944root 11241100x8000000000000000525913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1daff776f6b20e2021-12-21 11:24:25.944root 11241100x8000000000000000525914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5480256351b93d312021-12-21 11:24:25.944root 11241100x8000000000000000525915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352d2c7f980eddf52021-12-21 11:24:26.443root 11241100x8000000000000000525916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fbaccdd08c145e2021-12-21 11:24:26.443root 11241100x8000000000000000525917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c95b49f4c3730c2021-12-21 11:24:26.443root 11241100x8000000000000000525918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420e98d9ff27ab02021-12-21 11:24:26.443root 11241100x8000000000000000525919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ed6e44aaadd46d2021-12-21 11:24:26.443root 11241100x8000000000000000525920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3486dd7f370c9602021-12-21 11:24:26.443root 11241100x8000000000000000525921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773b519b36f3cab92021-12-21 11:24:26.443root 11241100x8000000000000000525922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c1526f1a32efcb2021-12-21 11:24:26.443root 11241100x8000000000000000525923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a37bcc5eb245202021-12-21 11:24:26.443root 11241100x8000000000000000525924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5307263688ed06c2021-12-21 11:24:26.443root 11241100x8000000000000000525925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caea1eddfc07ca592021-12-21 11:24:26.444root 11241100x8000000000000000525926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6210a1ff7180bfaa2021-12-21 11:24:26.444root 11241100x8000000000000000525927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77b82883cd50e312021-12-21 11:24:26.943root 11241100x8000000000000000525928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8490d8af47f038b2021-12-21 11:24:26.943root 11241100x8000000000000000525929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c79862f026936d72021-12-21 11:24:26.943root 11241100x8000000000000000525930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7212f1dcb92af17e2021-12-21 11:24:26.943root 11241100x8000000000000000525931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773c76a4d8b812dd2021-12-21 11:24:26.943root 11241100x8000000000000000525932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c983059e05cbce2021-12-21 11:24:26.943root 11241100x8000000000000000525933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921e433f6ed063982021-12-21 11:24:26.943root 11241100x8000000000000000525934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1646dc3ec2d1ac2021-12-21 11:24:26.943root 11241100x8000000000000000525935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cec053f19f3faf2021-12-21 11:24:26.943root 11241100x8000000000000000525936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efd021ca32052462021-12-21 11:24:26.944root 11241100x8000000000000000525937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05045e32582e044c2021-12-21 11:24:26.944root 11241100x8000000000000000525938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3384adf07cb535172021-12-21 11:24:26.944root 11241100x8000000000000000525939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7ae56c816528552021-12-21 11:24:27.443root 11241100x8000000000000000525940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aaf74298ea4bd62021-12-21 11:24:27.443root 11241100x8000000000000000525941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc903563f62792472021-12-21 11:24:27.443root 11241100x8000000000000000525942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb8760d9fbe44262021-12-21 11:24:27.443root 11241100x8000000000000000525943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c11aef9889f13842021-12-21 11:24:27.443root 11241100x8000000000000000525944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6c86e5aad8f7af2021-12-21 11:24:27.443root 11241100x8000000000000000525945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d9d300ca42c2d2021-12-21 11:24:27.443root 11241100x8000000000000000525946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d6ac712a670e412021-12-21 11:24:27.443root 11241100x8000000000000000525947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77e11796303df72021-12-21 11:24:27.443root 11241100x8000000000000000525948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0d18afcc8030432021-12-21 11:24:27.444root 11241100x8000000000000000525949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8a18cecc854f22021-12-21 11:24:27.444root 11241100x8000000000000000525950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7b16618171bbfb2021-12-21 11:24:27.444root 11241100x8000000000000000525951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c65c61cd21966b2021-12-21 11:24:27.943root 11241100x8000000000000000525952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d05435d110cbb82021-12-21 11:24:27.943root 11241100x8000000000000000525953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458bb1cbd775d9972021-12-21 11:24:27.943root 11241100x8000000000000000525954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa6ec31ab0bbd552021-12-21 11:24:27.943root 11241100x8000000000000000525955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1991ae3c5f0f472021-12-21 11:24:27.943root 11241100x8000000000000000525956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc590686e88eba62021-12-21 11:24:27.943root 11241100x8000000000000000525957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed94a1fd253d69d52021-12-21 11:24:27.943root 11241100x8000000000000000525958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc2c9001ae278d82021-12-21 11:24:27.943root 11241100x8000000000000000525959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6761b7de69ba5a9c2021-12-21 11:24:27.943root 11241100x8000000000000000525960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c246029d7030af2021-12-21 11:24:27.944root 11241100x8000000000000000525961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3741b90c13f532bd2021-12-21 11:24:27.944root 11241100x8000000000000000525962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167b9bd517db24842021-12-21 11:24:27.944root 354300x8000000000000000525963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.232{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48494-false10.0.1.12-8000- 11241100x8000000000000000525964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4a9178a1695a512021-12-21 11:24:28.232root 11241100x8000000000000000525965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc8e7c3227cf4262021-12-21 11:24:28.232root 11241100x8000000000000000525966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96470ef0b268eb82021-12-21 11:24:28.233root 11241100x8000000000000000525967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140b06f8c2cd4e842021-12-21 11:24:28.233root 11241100x8000000000000000525968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc593bbb2c14ec682021-12-21 11:24:28.233root 11241100x8000000000000000525969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a717d04e2a41bd02021-12-21 11:24:28.233root 11241100x8000000000000000525970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b2f65700a3b9172021-12-21 11:24:28.233root 11241100x8000000000000000525971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f619e57b770c5252021-12-21 11:24:28.233root 11241100x8000000000000000525972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97e7fa218eb9c52021-12-21 11:24:28.234root 11241100x8000000000000000525973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1bc6e4c5734e4e2021-12-21 11:24:28.234root 11241100x8000000000000000525974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5890b11a04ae54402021-12-21 11:24:28.234root 11241100x8000000000000000525975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096f52f21a9e11cf2021-12-21 11:24:28.234root 11241100x8000000000000000525976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df76a1d2fc5f55a02021-12-21 11:24:28.234root 11241100x8000000000000000525977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afe4b0eb31c8ec32021-12-21 11:24:28.693root 11241100x8000000000000000525978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b836e5b5aefa7a2021-12-21 11:24:28.693root 11241100x8000000000000000525979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed1b5db9b28ea002021-12-21 11:24:28.693root 11241100x8000000000000000525980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db4e43e702bad922021-12-21 11:24:28.693root 11241100x8000000000000000525981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3f2c035e9a0ba22021-12-21 11:24:28.693root 11241100x8000000000000000525982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa9c993568b43762021-12-21 11:24:28.693root 11241100x8000000000000000525983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd160fa42ce8247a2021-12-21 11:24:28.693root 11241100x8000000000000000525984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3d7e4d0742de632021-12-21 11:24:28.694root 11241100x8000000000000000525985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d90fbe25c82bda2021-12-21 11:24:28.694root 11241100x8000000000000000525986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10649bd5c5188f22021-12-21 11:24:28.694root 11241100x8000000000000000525987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd6bf57567e0a7c2021-12-21 11:24:28.694root 11241100x8000000000000000525988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a16c226a8b05b22021-12-21 11:24:28.694root 11241100x8000000000000000525989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d1eb39e21599022021-12-21 11:24:28.694root 11241100x8000000000000000525990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eb50f040541e002021-12-21 11:24:29.193root 11241100x8000000000000000525991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740700e502b481542021-12-21 11:24:29.193root 11241100x8000000000000000525992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaebd7a7eaf01272021-12-21 11:24:29.193root 11241100x8000000000000000525993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043cbb6d2cc0718e2021-12-21 11:24:29.193root 11241100x8000000000000000525994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a89a0fbcb9b3bcd2021-12-21 11:24:29.193root 11241100x8000000000000000525995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f56a7ee760889532021-12-21 11:24:29.193root 11241100x8000000000000000525996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f81299aca89bb5f2021-12-21 11:24:29.193root 11241100x8000000000000000525997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf0c125566bc02b2021-12-21 11:24:29.193root 11241100x8000000000000000525998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45dc8368f93cf492021-12-21 11:24:29.194root 11241100x8000000000000000525999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c166e5ae01530ef2021-12-21 11:24:29.194root 11241100x8000000000000000526000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5759947492cb20d72021-12-21 11:24:29.194root 11241100x8000000000000000526001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045cff046b16c362021-12-21 11:24:29.194root 11241100x8000000000000000526002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56bee1331ae82d42021-12-21 11:24:29.194root 11241100x8000000000000000526003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdba37e361f94812021-12-21 11:24:29.693root 11241100x8000000000000000526004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2851c9af651de87b2021-12-21 11:24:29.693root 11241100x8000000000000000526005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ae3a44510f589d2021-12-21 11:24:29.693root 11241100x8000000000000000526006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c67e7a58919c39c2021-12-21 11:24:29.694root 11241100x8000000000000000526007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795443858f84136b2021-12-21 11:24:29.694root 11241100x8000000000000000526008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69eece9f8a568a62021-12-21 11:24:29.694root 11241100x8000000000000000526009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69391bc750e16b262021-12-21 11:24:29.695root 11241100x8000000000000000526010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe630ce2d647dc292021-12-21 11:24:29.695root 11241100x8000000000000000526011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eceb03b053e6afef2021-12-21 11:24:29.695root 11241100x8000000000000000526012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc42ceb636b29ce72021-12-21 11:24:29.695root 11241100x8000000000000000526013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6745adb943e9712021-12-21 11:24:29.695root 11241100x8000000000000000526014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e067fa0fe9a31dfa2021-12-21 11:24:29.695root 11241100x8000000000000000526015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240d8f0768d0e3072021-12-21 11:24:29.696root 11241100x8000000000000000526016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8943f3c16f25362021-12-21 11:24:30.193root 11241100x8000000000000000526017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ab41ccca6cd7772021-12-21 11:24:30.193root 11241100x8000000000000000526018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c7e7151df8888b2021-12-21 11:24:30.193root 11241100x8000000000000000526019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8f6a702ff81af52021-12-21 11:24:30.193root 11241100x8000000000000000526020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8658ef32e60d63b2021-12-21 11:24:30.194root 11241100x8000000000000000526021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93ae9ef27e5da7f2021-12-21 11:24:30.194root 11241100x8000000000000000526022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af38692c4999a9c2021-12-21 11:24:30.194root 11241100x8000000000000000526023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d65f96920de16d2021-12-21 11:24:30.194root 11241100x8000000000000000526024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc137193ea9c32e72021-12-21 11:24:30.194root 11241100x8000000000000000526025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304f02d3b75696202021-12-21 11:24:30.194root 11241100x8000000000000000526026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218ba582f466ec812021-12-21 11:24:30.195root 11241100x8000000000000000526027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00800c08ef74bed2021-12-21 11:24:30.195root 11241100x8000000000000000526028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0018ace40741ea492021-12-21 11:24:30.195root 11241100x8000000000000000526029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86de98219fa3928f2021-12-21 11:24:30.693root 11241100x8000000000000000526030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caec17ede91291262021-12-21 11:24:30.693root 11241100x8000000000000000526031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19974b198f19e912021-12-21 11:24:30.693root 11241100x8000000000000000526032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5daa1b0dac2947c2021-12-21 11:24:30.693root 11241100x8000000000000000526033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0870c79a66eccb2021-12-21 11:24:30.694root 11241100x8000000000000000526034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5408d5d17345a4d2021-12-21 11:24:30.694root 11241100x8000000000000000526035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3928834714ca7b8f2021-12-21 11:24:30.694root 11241100x8000000000000000526036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ede7246514c9c12021-12-21 11:24:30.694root 11241100x8000000000000000526037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106189d2b96751032021-12-21 11:24:30.694root 11241100x8000000000000000526038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94928f3141645d942021-12-21 11:24:30.694root 11241100x8000000000000000526039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca62d3609d371fc2021-12-21 11:24:30.695root 11241100x8000000000000000526040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa00d2ebc8803c92021-12-21 11:24:30.695root 11241100x8000000000000000526041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3557ff2ffee2782021-12-21 11:24:30.695root 11241100x8000000000000000526042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8144216be66662c22021-12-21 11:24:31.193root 11241100x8000000000000000526043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270158cd1e9aa5802021-12-21 11:24:31.193root 11241100x8000000000000000526044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa85aadc4f053bf2021-12-21 11:24:31.193root 11241100x8000000000000000526045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a3ae2588e105982021-12-21 11:24:31.193root 11241100x8000000000000000526046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f98b22b88a0642021-12-21 11:24:31.193root 11241100x8000000000000000526047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335911a9e9f2df382021-12-21 11:24:31.193root 11241100x8000000000000000526048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53550793f4ae4eed2021-12-21 11:24:31.193root 11241100x8000000000000000526049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c998fcab2a27e2021-12-21 11:24:31.194root 11241100x8000000000000000526050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b319c1563789fe2021-12-21 11:24:31.194root 11241100x8000000000000000526051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2166f3e84e08358c2021-12-21 11:24:31.194root 11241100x8000000000000000526052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284faf77c16942f12021-12-21 11:24:31.194root 11241100x8000000000000000526053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998d6e6aadfe24d92021-12-21 11:24:31.194root 11241100x8000000000000000526054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad33280723a2225a2021-12-21 11:24:31.194root 11241100x8000000000000000526055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a7fc4d8499f7c92021-12-21 11:24:31.693root 11241100x8000000000000000526056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1179482357616d762021-12-21 11:24:31.693root 11241100x8000000000000000526057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b9342c1e877fc92021-12-21 11:24:31.693root 11241100x8000000000000000526058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9657482a7f57a5762021-12-21 11:24:31.693root 11241100x8000000000000000526059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25960a286d3695a2021-12-21 11:24:31.694root 11241100x8000000000000000526060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c60dda289f2aaa02021-12-21 11:24:31.694root 11241100x8000000000000000526061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae850e6c3db299a2021-12-21 11:24:31.694root 11241100x8000000000000000526062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43d743b3c6b31cc2021-12-21 11:24:31.694root 11241100x8000000000000000526063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c271df23b51442021-12-21 11:24:31.694root 11241100x8000000000000000526064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eed80e557cdf482021-12-21 11:24:31.695root 11241100x8000000000000000526065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e502ead67f59d42021-12-21 11:24:31.695root 11241100x8000000000000000526066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a41e49ffa93b222021-12-21 11:24:31.695root 11241100x8000000000000000526067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8644722b7885b22021-12-21 11:24:31.695root 11241100x8000000000000000526068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b103adc33f66692021-12-21 11:24:32.193root 11241100x8000000000000000526069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e8e6d3538f07d32021-12-21 11:24:32.193root 11241100x8000000000000000526070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb312e13470b04752021-12-21 11:24:32.193root 11241100x8000000000000000526071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5966df5b5aabde2021-12-21 11:24:32.193root 11241100x8000000000000000526072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe22ba92dba88e2021-12-21 11:24:32.193root 11241100x8000000000000000526073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f268d497e222cd42021-12-21 11:24:32.193root 11241100x8000000000000000526074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2675cac292f3462021-12-21 11:24:32.194root 11241100x8000000000000000526075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b151e25ce0324f22021-12-21 11:24:32.194root 11241100x8000000000000000526076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4807801bb893332021-12-21 11:24:32.194root 11241100x8000000000000000526077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891f3162084ce242021-12-21 11:24:32.194root 11241100x8000000000000000526078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189666a19054fc22021-12-21 11:24:32.194root 11241100x8000000000000000526079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67722669467866462021-12-21 11:24:32.194root 11241100x8000000000000000526080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd1e5d2a3de7d2e2021-12-21 11:24:32.194root 11241100x8000000000000000526081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d80760aab4043ce2021-12-21 11:24:32.693root 11241100x8000000000000000526082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb7daffa2767ca42021-12-21 11:24:32.693root 11241100x8000000000000000526083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d86578a3f79eef2021-12-21 11:24:32.693root 11241100x8000000000000000526084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ff2779a16c5e3a2021-12-21 11:24:32.693root 11241100x8000000000000000526085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476032c5144477d82021-12-21 11:24:32.693root 11241100x8000000000000000526086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb47025d176f1a022021-12-21 11:24:32.693root 11241100x8000000000000000526087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583fd92674071a8e2021-12-21 11:24:32.693root 11241100x8000000000000000526088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8672f02a54ac01ec2021-12-21 11:24:32.693root 11241100x8000000000000000526089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeffa0b4a1d4ff6b2021-12-21 11:24:32.694root 11241100x8000000000000000526090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4e86f21d569d662021-12-21 11:24:32.694root 11241100x8000000000000000526091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d4a748f085c3ee2021-12-21 11:24:32.694root 11241100x8000000000000000526092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d973b1082deec2b2021-12-21 11:24:32.694root 11241100x8000000000000000526093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b49744bd4c186b52021-12-21 11:24:32.694root 11241100x8000000000000000526094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c0e879250676ed2021-12-21 11:24:33.193root 11241100x8000000000000000526095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc79c9e835f602862021-12-21 11:24:33.193root 11241100x8000000000000000526096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ed32a25491f9982021-12-21 11:24:33.193root 11241100x8000000000000000526097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8573287f234d1b3e2021-12-21 11:24:33.193root 11241100x8000000000000000526098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e693ec207c03f6532021-12-21 11:24:33.193root 11241100x8000000000000000526099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923c51607ff0b4c52021-12-21 11:24:33.193root 11241100x8000000000000000526100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a64a867891066f02021-12-21 11:24:33.194root 11241100x8000000000000000526101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5f97eb6f1750272021-12-21 11:24:33.194root 11241100x8000000000000000526102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2b70e079aedc6b2021-12-21 11:24:33.194root 11241100x8000000000000000526103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cf4111f01ac6712021-12-21 11:24:33.194root 11241100x8000000000000000526104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71159f1254af148f2021-12-21 11:24:33.194root 11241100x8000000000000000526105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa4bd59823964162021-12-21 11:24:33.194root 11241100x8000000000000000526106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a381637bc8c9fa2021-12-21 11:24:33.194root 11241100x8000000000000000526107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e0933e461ddf522021-12-21 11:24:33.693root 11241100x8000000000000000526108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b1c6e7a71a6d5c2021-12-21 11:24:33.693root 11241100x8000000000000000526109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770ada7a12f3e3c72021-12-21 11:24:33.693root 11241100x8000000000000000526110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe35d385fa53c6ce2021-12-21 11:24:33.694root 11241100x8000000000000000526111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b89f8e811c5bb72021-12-21 11:24:33.694root 11241100x8000000000000000526112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5003ea5f730948ef2021-12-21 11:24:33.694root 11241100x8000000000000000526113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93af2b8de0cf1e7e2021-12-21 11:24:33.694root 11241100x8000000000000000526114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1734e0e46bfec8402021-12-21 11:24:33.694root 11241100x8000000000000000526115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbde9d1fcf3be91a2021-12-21 11:24:33.694root 11241100x8000000000000000526116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c466b4528f699602021-12-21 11:24:33.694root 11241100x8000000000000000526117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1054f91ab0c144782021-12-21 11:24:33.694root 11241100x8000000000000000526118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a550a48431c2d3612021-12-21 11:24:33.694root 11241100x8000000000000000526119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feb7d77e2497ec42021-12-21 11:24:33.694root 354300x8000000000000000526120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.035{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48496-false10.0.1.12-8000- 11241100x8000000000000000526121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426585d7611640102021-12-21 11:24:34.037root 11241100x8000000000000000526122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61ca4a9886ea55e2021-12-21 11:24:34.037root 11241100x8000000000000000526123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60d99d85858c772021-12-21 11:24:34.037root 11241100x8000000000000000526124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadfad9496967ef82021-12-21 11:24:34.037root 11241100x8000000000000000526125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf41286e78a1d012021-12-21 11:24:34.037root 11241100x8000000000000000526126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b124d306fe1e5ee52021-12-21 11:24:34.037root 11241100x8000000000000000526127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a05982fb14abcd2021-12-21 11:24:34.037root 11241100x8000000000000000526128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d8ec3036a593af2021-12-21 11:24:34.037root 11241100x8000000000000000526129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5af41ef80cf70a2021-12-21 11:24:34.037root 11241100x8000000000000000526130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b5886ac936189e2021-12-21 11:24:34.037root 11241100x8000000000000000526131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20feb67a6d79c18d2021-12-21 11:24:34.038root 11241100x8000000000000000526132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55394a92972bd5db2021-12-21 11:24:34.038root 11241100x8000000000000000526133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abf69aa0f58778f2021-12-21 11:24:34.038root 11241100x8000000000000000526134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07cc03248d0693a2021-12-21 11:24:34.038root 11241100x8000000000000000526135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83ea4096889d66e2021-12-21 11:24:34.443root 11241100x8000000000000000526136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b37e315354388c02021-12-21 11:24:34.443root 11241100x8000000000000000526137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c683f656f08e0432021-12-21 11:24:34.443root 11241100x8000000000000000526138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd675af2213b5d112021-12-21 11:24:34.443root 11241100x8000000000000000526139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3991ec44397c552021-12-21 11:24:34.443root 11241100x8000000000000000526140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba57700733845012021-12-21 11:24:34.443root 11241100x8000000000000000526141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c270308b16197c2021-12-21 11:24:34.443root 11241100x8000000000000000526142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8259f06669d9744a2021-12-21 11:24:34.443root 11241100x8000000000000000526143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4272e21431f5117c2021-12-21 11:24:34.444root 11241100x8000000000000000526144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aca23de5d3c5512021-12-21 11:24:34.444root 11241100x8000000000000000526145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49d6756acfae3b2021-12-21 11:24:34.444root 11241100x8000000000000000526146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e933a28b10b3a21f2021-12-21 11:24:34.444root 11241100x8000000000000000526147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a056e3ac064355182021-12-21 11:24:34.444root 11241100x8000000000000000526148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6244943013c34db12021-12-21 11:24:34.444root 11241100x8000000000000000526149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb93e73aa9f6cca2021-12-21 11:24:34.943root 11241100x8000000000000000526150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbc8603db4247fb2021-12-21 11:24:34.943root 11241100x8000000000000000526151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af215c35df86139d2021-12-21 11:24:34.943root 11241100x8000000000000000526152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b6e395a5d6d9872021-12-21 11:24:34.943root 11241100x8000000000000000526153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faa934cc924b1072021-12-21 11:24:34.943root 11241100x8000000000000000526154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1185f99bacd7c5a62021-12-21 11:24:34.943root 11241100x8000000000000000526155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a032d145f79d292021-12-21 11:24:34.943root 11241100x8000000000000000526156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1368591529d81f2021-12-21 11:24:34.943root 11241100x8000000000000000526157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bff7d1646073812021-12-21 11:24:34.944root 11241100x8000000000000000526158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88900999c0c2dfff2021-12-21 11:24:34.944root 11241100x8000000000000000526159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581991479846bf1b2021-12-21 11:24:34.944root 11241100x8000000000000000526160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0601bb590af19f92021-12-21 11:24:34.944root 11241100x8000000000000000526161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbb65844a8e8ce32021-12-21 11:24:34.944root 11241100x8000000000000000526162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c1090e99d64e672021-12-21 11:24:34.944root 11241100x8000000000000000526163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9991686616d9ccb92021-12-21 11:24:35.443root 11241100x8000000000000000526164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a1fee7ea40bf52021-12-21 11:24:35.443root 11241100x8000000000000000526165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb96bd94a5ac19b22021-12-21 11:24:35.443root 11241100x8000000000000000526166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5764497bfe4359ca2021-12-21 11:24:35.443root 11241100x8000000000000000526167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01c1b3f3a3b344d2021-12-21 11:24:35.443root 11241100x8000000000000000526168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33db148d4cfc03902021-12-21 11:24:35.443root 11241100x8000000000000000526169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c4df56123f6e662021-12-21 11:24:35.443root 11241100x8000000000000000526170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1208e1d7edfffa282021-12-21 11:24:35.443root 11241100x8000000000000000526171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5eda962dabc5752021-12-21 11:24:35.444root 11241100x8000000000000000526172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3537fe17db4147cc2021-12-21 11:24:35.444root 11241100x8000000000000000526173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82ce375244cc2032021-12-21 11:24:35.444root 11241100x8000000000000000526174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a1c80cd66f7682021-12-21 11:24:35.444root 11241100x8000000000000000526175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6545aa75d5d8849a2021-12-21 11:24:35.444root 11241100x8000000000000000526176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b95089216f2c2b12021-12-21 11:24:35.444root 11241100x8000000000000000526177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e1b5d84d70b27f2021-12-21 11:24:35.943root 11241100x8000000000000000526178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758a5de529eab4b02021-12-21 11:24:35.943root 11241100x8000000000000000526179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe05cdb70d1beb52021-12-21 11:24:35.943root 11241100x8000000000000000526180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796be04b56fd3cb12021-12-21 11:24:35.943root 11241100x8000000000000000526181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b605877c28e470a2021-12-21 11:24:35.944root 11241100x8000000000000000526182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3483edc3b560302021-12-21 11:24:35.944root 11241100x8000000000000000526183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53a05e545626bb22021-12-21 11:24:35.944root 11241100x8000000000000000526184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597c53ec5b5fc9742021-12-21 11:24:35.944root 11241100x8000000000000000526185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0d4fa42592ad172021-12-21 11:24:35.944root 11241100x8000000000000000526186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1528b1acb9139b2021-12-21 11:24:35.944root 11241100x8000000000000000526187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6b86ac95f8e63f2021-12-21 11:24:35.944root 11241100x8000000000000000526188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf34a234f9c037872021-12-21 11:24:35.944root 11241100x8000000000000000526189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bef9c12264593c2021-12-21 11:24:35.944root 11241100x8000000000000000526190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fe41fad72b274c2021-12-21 11:24:35.944root 11241100x8000000000000000526191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:24:36.329root 11241100x8000000000000000526192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0909090d317b0722021-12-21 11:24:36.330root 11241100x8000000000000000526193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c80ec24e294eefa2021-12-21 11:24:36.330root 11241100x8000000000000000526194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb22b92138d605f2021-12-21 11:24:36.330root 11241100x8000000000000000526195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ba28b61c752e62021-12-21 11:24:36.330root 11241100x8000000000000000526196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2452050ee20dbd632021-12-21 11:24:36.330root 11241100x8000000000000000526197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff88a2e4f3c7e7e62021-12-21 11:24:36.330root 11241100x8000000000000000526198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9506fe12e92c777c2021-12-21 11:24:36.330root 11241100x8000000000000000526199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc01512216e31202021-12-21 11:24:36.330root 11241100x8000000000000000526200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8633385cb01a953a2021-12-21 11:24:36.331root 11241100x8000000000000000526201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c0dc220511ef832021-12-21 11:24:36.331root 11241100x8000000000000000526202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705e148455f629372021-12-21 11:24:36.331root 11241100x8000000000000000526203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f83144ac53d86bb2021-12-21 11:24:36.331root 11241100x8000000000000000526204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855dd4385114d3a32021-12-21 11:24:36.331root 11241100x8000000000000000526205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de8e20a3e1187372021-12-21 11:24:36.331root 11241100x8000000000000000526206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffab4fdfaee04de2021-12-21 11:24:36.331root 11241100x8000000000000000526207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0820dfa9d9db442021-12-21 11:24:36.693root 11241100x8000000000000000526208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a7dd0a5f68ad7a2021-12-21 11:24:36.693root 11241100x8000000000000000526209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0571fa18a8560b62021-12-21 11:24:36.693root 11241100x8000000000000000526210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa2b8ba4e9641862021-12-21 11:24:36.693root 11241100x8000000000000000526211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a816637d0eb35f2021-12-21 11:24:36.693root 11241100x8000000000000000526212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7200ead470c73272021-12-21 11:24:36.693root 11241100x8000000000000000526213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc073489a55b7192021-12-21 11:24:36.693root 11241100x8000000000000000526214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed0096ff8ed4e3f2021-12-21 11:24:36.693root 11241100x8000000000000000526215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fcd4205b40a25e2021-12-21 11:24:36.694root 11241100x8000000000000000526216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbe0202aaa6ab742021-12-21 11:24:36.694root 11241100x8000000000000000526217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0e41d24726dd52021-12-21 11:24:36.694root 11241100x8000000000000000526218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb372adda60779b2021-12-21 11:24:36.694root 11241100x8000000000000000526219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18226f3ee899cbd92021-12-21 11:24:36.694root 11241100x8000000000000000526220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91513361d7431d8f2021-12-21 11:24:36.694root 11241100x8000000000000000526221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0c0cb346d2c2672021-12-21 11:24:36.694root 11241100x8000000000000000526222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bdc59d1ce3b3862021-12-21 11:24:37.193root 11241100x8000000000000000526223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a94c777c23feb852021-12-21 11:24:37.193root 11241100x8000000000000000526224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2d164197f4ad9a2021-12-21 11:24:37.193root 11241100x8000000000000000526225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca09ea4ab58793a22021-12-21 11:24:37.193root 11241100x8000000000000000526226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fedf6a847cdcfeb2021-12-21 11:24:37.193root 11241100x8000000000000000526227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116afc11655b36ab2021-12-21 11:24:37.193root 11241100x8000000000000000526228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75092dd39ad78a0a2021-12-21 11:24:37.193root 11241100x8000000000000000526229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbfe060ccceb0172021-12-21 11:24:37.194root 11241100x8000000000000000526230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cda2e41fbf4c202021-12-21 11:24:37.194root 11241100x8000000000000000526231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38137fd70f342412021-12-21 11:24:37.194root 11241100x8000000000000000526232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19d2062c1c587582021-12-21 11:24:37.194root 11241100x8000000000000000526233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f418120b711a8c352021-12-21 11:24:37.194root 11241100x8000000000000000526234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c08b89c9f0995b92021-12-21 11:24:37.194root 11241100x8000000000000000526235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5186b976ba131b42021-12-21 11:24:37.194root 11241100x8000000000000000526236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57dc4f12eafd9702021-12-21 11:24:37.194root 11241100x8000000000000000526237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cd429f1c97a0a92021-12-21 11:24:37.693root 11241100x8000000000000000526238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6ab4ff2076044e2021-12-21 11:24:37.693root 11241100x8000000000000000526239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f9f31a6a10b11f2021-12-21 11:24:37.693root 11241100x8000000000000000526240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05430ee4ea5778ce2021-12-21 11:24:37.693root 11241100x8000000000000000526241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b9bacd9cd1d4672021-12-21 11:24:37.694root 11241100x8000000000000000526242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25979a575d6f59182021-12-21 11:24:37.694root 11241100x8000000000000000526243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac804b274c7b2532021-12-21 11:24:37.694root 11241100x8000000000000000526244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5404f732c925ce2021-12-21 11:24:37.694root 11241100x8000000000000000526245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446986af6307cb32021-12-21 11:24:37.694root 11241100x8000000000000000526246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bbe1634ac1ccf42021-12-21 11:24:37.695root 11241100x8000000000000000526247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41146be186e84b382021-12-21 11:24:37.695root 11241100x8000000000000000526248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbc4c1e8a65a5502021-12-21 11:24:37.695root 11241100x8000000000000000526249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89625cef51c49742021-12-21 11:24:37.695root 11241100x8000000000000000526250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f287f464ca8038572021-12-21 11:24:37.695root 11241100x8000000000000000526251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797c2c737b3b97b72021-12-21 11:24:37.695root 11241100x8000000000000000526252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecefe3a33ae10f612021-12-21 11:24:38.193root 11241100x8000000000000000526253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1e5799f88086392021-12-21 11:24:38.193root 11241100x8000000000000000526254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac560978930ca072021-12-21 11:24:38.193root 11241100x8000000000000000526255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f8d545e6097f382021-12-21 11:24:38.193root 11241100x8000000000000000526256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a76b525dbfab1f2021-12-21 11:24:38.193root 11241100x8000000000000000526257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446523b455af41782021-12-21 11:24:38.194root 11241100x8000000000000000526258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2c4f092603f6542021-12-21 11:24:38.194root 11241100x8000000000000000526259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f038af67f4a225562021-12-21 11:24:38.194root 11241100x8000000000000000526260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c2408e948aa3ac2021-12-21 11:24:38.194root 11241100x8000000000000000526261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7329747c260374c12021-12-21 11:24:38.194root 11241100x8000000000000000526262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a739802f8661f35f2021-12-21 11:24:38.194root 11241100x8000000000000000526263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed3c9e06839121c2021-12-21 11:24:38.194root 11241100x8000000000000000526264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d1888b9f91e5202021-12-21 11:24:38.194root 11241100x8000000000000000526265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b640514f156c9dc32021-12-21 11:24:38.194root 11241100x8000000000000000526266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e3fb8ae7b32ed22021-12-21 11:24:38.194root 11241100x8000000000000000526267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3d6874960d3e712021-12-21 11:24:38.693root 11241100x8000000000000000526268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adb2f9e09ec29fd2021-12-21 11:24:38.693root 11241100x8000000000000000526269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18939ed0cae5bda92021-12-21 11:24:38.693root 11241100x8000000000000000526270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f6d3f5250afbb62021-12-21 11:24:38.693root 11241100x8000000000000000526271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da055347746d9d212021-12-21 11:24:38.693root 11241100x8000000000000000526272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3260bddb7df957f02021-12-21 11:24:38.693root 11241100x8000000000000000526273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9dc1c123f2a98c2021-12-21 11:24:38.693root 11241100x8000000000000000526274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae8b4a8f86c551e2021-12-21 11:24:38.694root 11241100x8000000000000000526275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a393992e46becec2021-12-21 11:24:38.694root 11241100x8000000000000000526276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5ef1de36f259242021-12-21 11:24:38.694root 11241100x8000000000000000526277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e3d5e64038045f2021-12-21 11:24:38.694root 11241100x8000000000000000526278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d667de0a06b04c2021-12-21 11:24:38.694root 11241100x8000000000000000526279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f35e77869d9b3c2021-12-21 11:24:38.694root 11241100x8000000000000000526280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a21b15d27d1ea282021-12-21 11:24:38.694root 11241100x8000000000000000526281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfd9a4548879f9b2021-12-21 11:24:38.694root 354300x8000000000000000526282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.147{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48498-false10.0.1.12-8000- 11241100x8000000000000000526283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a0a59ba8e8dcbe2021-12-21 11:24:39.148root 11241100x8000000000000000526284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f737a47387bbec112021-12-21 11:24:39.148root 11241100x8000000000000000526285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ea0054b70edbc72021-12-21 11:24:39.148root 11241100x8000000000000000526286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4712ea5b6370dc0e2021-12-21 11:24:39.148root 11241100x8000000000000000526287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4bbd2102d2c68e2021-12-21 11:24:39.148root 11241100x8000000000000000526288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c752690c2abb502021-12-21 11:24:39.149root 11241100x8000000000000000526289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8460fd06603c792021-12-21 11:24:39.149root 11241100x8000000000000000526290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db4a4a8ca195e532021-12-21 11:24:39.149root 11241100x8000000000000000526291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f79122445363c72021-12-21 11:24:39.149root 11241100x8000000000000000526292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b67c28bff769cc12021-12-21 11:24:39.149root 11241100x8000000000000000526293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04c47f8d07638f02021-12-21 11:24:39.149root 11241100x8000000000000000526294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ee1367ddbb736d2021-12-21 11:24:39.149root 11241100x8000000000000000526295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb37f3bd0a51e22021-12-21 11:24:39.149root 11241100x8000000000000000526296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6d2145a747fe6f2021-12-21 11:24:39.149root 11241100x8000000000000000526297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b2c7fec38f480f2021-12-21 11:24:39.149root 11241100x8000000000000000526298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2568b73c17751d0e2021-12-21 11:24:39.150root 11241100x8000000000000000526299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352ff84823d7531a2021-12-21 11:24:39.150root 11241100x8000000000000000526300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201590751455eae12021-12-21 11:24:39.150root 11241100x8000000000000000526301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c524cb7788702f42021-12-21 11:24:39.150root 11241100x8000000000000000526302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473acf24e9b9c6212021-12-21 11:24:39.150root 23542300x8000000000000000526303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.331{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000526304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053544f6cb5e63432021-12-21 11:24:39.443root 11241100x8000000000000000526305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b45a5498797994c2021-12-21 11:24:39.443root 11241100x8000000000000000526306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981d2e5136fb107f2021-12-21 11:24:39.443root 11241100x8000000000000000526307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eee66f0d5fe449a2021-12-21 11:24:39.443root 11241100x8000000000000000526308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9282af4caee32b2021-12-21 11:24:39.443root 11241100x8000000000000000526309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4829a238862d23792021-12-21 11:24:39.444root 11241100x8000000000000000526310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c49e396918d2e92021-12-21 11:24:39.444root 11241100x8000000000000000526311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39e3b37a08e4de52021-12-21 11:24:39.444root 11241100x8000000000000000526312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d7f77c1f214d792021-12-21 11:24:39.444root 11241100x8000000000000000526313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd896610c7d39b82021-12-21 11:24:39.444root 11241100x8000000000000000526314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b13b95bf7c7ae6c2021-12-21 11:24:39.444root 11241100x8000000000000000526315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b647f5f023461f692021-12-21 11:24:39.444root 11241100x8000000000000000526316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2065d964501db742021-12-21 11:24:39.444root 11241100x8000000000000000526317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f3df3e743006862021-12-21 11:24:39.444root 11241100x8000000000000000526318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e31279ecab5c362021-12-21 11:24:39.444root 11241100x8000000000000000526319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e06bf4fe67ab2842021-12-21 11:24:39.444root 11241100x8000000000000000526320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4695a2c29e968ac2021-12-21 11:24:39.444root 11241100x8000000000000000526321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982b61774d725f262021-12-21 11:24:39.943root 11241100x8000000000000000526322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7779c9f1e98d09352021-12-21 11:24:39.943root 11241100x8000000000000000526323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f62facd08a4292021-12-21 11:24:39.943root 11241100x8000000000000000526324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7e1ad1fc3f7be82021-12-21 11:24:39.944root 11241100x8000000000000000526325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12edbdec3af22502021-12-21 11:24:39.944root 11241100x8000000000000000526326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83e000cab5d99ac2021-12-21 11:24:39.944root 11241100x8000000000000000526327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d544bab7c285a62021-12-21 11:24:39.944root 11241100x8000000000000000526328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb10ee5d00064852021-12-21 11:24:39.944root 11241100x8000000000000000526329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826bb005ac942b8c2021-12-21 11:24:39.944root 11241100x8000000000000000526330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d036405490bb3ba2021-12-21 11:24:39.944root 11241100x8000000000000000526331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fcd81d4e60a3422021-12-21 11:24:39.944root 11241100x8000000000000000526332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3ba93fc9e4f6942021-12-21 11:24:39.944root 11241100x8000000000000000526333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5b8e5a34d3bdd12021-12-21 11:24:39.944root 11241100x8000000000000000526334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b524fbd42f5e492021-12-21 11:24:39.944root 11241100x8000000000000000526335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bc5b9573b84f972021-12-21 11:24:39.944root 11241100x8000000000000000526336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9235e8f8252f37fb2021-12-21 11:24:39.944root 11241100x8000000000000000526337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c2b0e351889e42021-12-21 11:24:39.944root 11241100x8000000000000000526338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9e8e3b4cf7a6382021-12-21 11:24:40.443root 11241100x8000000000000000526339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42e2b2890abca32021-12-21 11:24:40.443root 11241100x8000000000000000526340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ff200dc5f4f4112021-12-21 11:24:40.443root 11241100x8000000000000000526341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635c7882d65de9d62021-12-21 11:24:40.443root 11241100x8000000000000000526342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e10631472e915302021-12-21 11:24:40.443root 11241100x8000000000000000526343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb5acc8522215a22021-12-21 11:24:40.444root 11241100x8000000000000000526344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf4d7ba981720842021-12-21 11:24:40.444root 11241100x8000000000000000526345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e818e789b0eba2e2021-12-21 11:24:40.444root 11241100x8000000000000000526346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2a0299880dc8cd2021-12-21 11:24:40.444root 11241100x8000000000000000526347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeb9a45c561f50b2021-12-21 11:24:40.444root 11241100x8000000000000000526348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2e3f558fbe1e712021-12-21 11:24:40.444root 11241100x8000000000000000526349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c822111175e06982021-12-21 11:24:40.444root 11241100x8000000000000000526350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d948bdcb652c7f752021-12-21 11:24:40.444root 11241100x8000000000000000526351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aa4d9dfdfc55702021-12-21 11:24:40.444root 11241100x8000000000000000526352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5c7603d109610a2021-12-21 11:24:40.444root 11241100x8000000000000000526353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2449f6a9c03c00122021-12-21 11:24:40.444root 11241100x8000000000000000526354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57652981d5ff87952021-12-21 11:24:40.444root 11241100x8000000000000000526355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9f68e0132da3002021-12-21 11:24:40.943root 11241100x8000000000000000526356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b2485499af25ad2021-12-21 11:24:40.943root 11241100x8000000000000000526357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7522fcf4e3ae5b7c2021-12-21 11:24:40.943root 11241100x8000000000000000526358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0835f78b0ffaba8b2021-12-21 11:24:40.943root 11241100x8000000000000000526359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb757b338e9705502021-12-21 11:24:40.943root 11241100x8000000000000000526360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4103d855d37ba932021-12-21 11:24:40.943root 11241100x8000000000000000526361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2121c37ccda0a3d42021-12-21 11:24:40.944root 11241100x8000000000000000526362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca60ffa4b0d166472021-12-21 11:24:40.944root 11241100x8000000000000000526363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a9b8fed929e87a2021-12-21 11:24:40.944root 11241100x8000000000000000526364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0662eb956a6a71322021-12-21 11:24:40.944root 11241100x8000000000000000526365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202f022098208672021-12-21 11:24:40.944root 11241100x8000000000000000526366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d6e491877c7a62021-12-21 11:24:40.944root 11241100x8000000000000000526367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc03febb9e7fbfb12021-12-21 11:24:40.944root 11241100x8000000000000000526368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4c250b9e5a54dc2021-12-21 11:24:40.944root 11241100x8000000000000000526369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f4ea7d842a5d4d2021-12-21 11:24:40.944root 11241100x8000000000000000526370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f8c2382faf303d2021-12-21 11:24:40.944root 11241100x8000000000000000526371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f03e86b97c48e32021-12-21 11:24:40.944root 11241100x8000000000000000526372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c734726e9a8057832021-12-21 11:24:41.443root 11241100x8000000000000000526373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3501420070c45e9b2021-12-21 11:24:41.443root 11241100x8000000000000000526374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4fe0aa336c6ee52021-12-21 11:24:41.443root 11241100x8000000000000000526375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4deb74ddc5149a02021-12-21 11:24:41.444root 11241100x8000000000000000526376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceba0d4732e140822021-12-21 11:24:41.444root 11241100x8000000000000000526377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9e018a0772e2e22021-12-21 11:24:41.444root 11241100x8000000000000000526378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fd8727ec68e5492021-12-21 11:24:41.444root 11241100x8000000000000000526379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a33ab337a9dda42021-12-21 11:24:41.444root 11241100x8000000000000000526380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7986f13dbce8d8a02021-12-21 11:24:41.444root 11241100x8000000000000000526381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7df6395e5b34842021-12-21 11:24:41.444root 11241100x8000000000000000526382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57e4d9813d7a06f2021-12-21 11:24:41.444root 11241100x8000000000000000526383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613ddf93200f948d2021-12-21 11:24:41.444root 11241100x8000000000000000526384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff599fa24e6e80972021-12-21 11:24:41.444root 11241100x8000000000000000526385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f4ff5d68d5b542021-12-21 11:24:41.444root 11241100x8000000000000000526386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddf1b4373e162ef2021-12-21 11:24:41.444root 11241100x8000000000000000526387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00c8c24abcb1aa82021-12-21 11:24:41.444root 11241100x8000000000000000526388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6817951a6de82d2021-12-21 11:24:41.444root 11241100x8000000000000000526389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b842fb1821eb95c62021-12-21 11:24:41.943root 11241100x8000000000000000526390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b343e76c71a53e2021-12-21 11:24:41.943root 11241100x8000000000000000526391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23032632d997b1172021-12-21 11:24:41.943root 11241100x8000000000000000526392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b22eb2db61357ff2021-12-21 11:24:41.943root 11241100x8000000000000000526393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86024bbc6603d6db2021-12-21 11:24:41.943root 11241100x8000000000000000526394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc54722226ccef22021-12-21 11:24:41.943root 11241100x8000000000000000526395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990a5977f2253d662021-12-21 11:24:41.944root 11241100x8000000000000000526396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b87c6cdb23aeb92021-12-21 11:24:41.944root 11241100x8000000000000000526397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc3acf8266970d42021-12-21 11:24:41.944root 11241100x8000000000000000526398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593bb981618115232021-12-21 11:24:41.944root 11241100x8000000000000000526399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4c3ece28e76c962021-12-21 11:24:41.944root 11241100x8000000000000000526400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b0c2b90ddb51272021-12-21 11:24:41.944root 11241100x8000000000000000526401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b07fff996ec89aa2021-12-21 11:24:41.944root 11241100x8000000000000000526402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbaf2168c3ab8b82021-12-21 11:24:41.944root 11241100x8000000000000000526403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54d3754e377e9432021-12-21 11:24:41.944root 11241100x8000000000000000526404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61ce4c568c10d5a2021-12-21 11:24:41.944root 11241100x8000000000000000526405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33df0501a5fb1de62021-12-21 11:24:41.944root 11241100x8000000000000000526406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d3f3d91bd041792021-12-21 11:24:42.443root 11241100x8000000000000000526407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812bd9e276f558542021-12-21 11:24:42.443root 11241100x8000000000000000526408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6029315d072e35442021-12-21 11:24:42.443root 11241100x8000000000000000526409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e105a4bb24b6d022021-12-21 11:24:42.443root 11241100x8000000000000000526410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9609e1855a5ee39f2021-12-21 11:24:42.443root 11241100x8000000000000000526411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80506eaed5956b1e2021-12-21 11:24:42.443root 11241100x8000000000000000526412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b80ae3221e5ef862021-12-21 11:24:42.444root 11241100x8000000000000000526413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b6b94badff6e882021-12-21 11:24:42.444root 11241100x8000000000000000526414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd0f82d46b7bc592021-12-21 11:24:42.444root 11241100x8000000000000000526415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cb3e148be95cff2021-12-21 11:24:42.444root 11241100x8000000000000000526416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f31fcf119aa59f92021-12-21 11:24:42.444root 11241100x8000000000000000526417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730b0e5a687242b12021-12-21 11:24:42.444root 11241100x8000000000000000526418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c8d2e8de1580e92021-12-21 11:24:42.444root 11241100x8000000000000000526419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24017bdb5342cf292021-12-21 11:24:42.444root 11241100x8000000000000000526420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa33812ff418e7042021-12-21 11:24:42.444root 11241100x8000000000000000526421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6200c803927c79d12021-12-21 11:24:42.444root 11241100x8000000000000000526422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ae5217b0a8ba602021-12-21 11:24:42.444root 11241100x8000000000000000526423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106929cdcaeed4bd2021-12-21 11:24:42.943root 11241100x8000000000000000526424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f5565334da4a42021-12-21 11:24:42.943root 11241100x8000000000000000526425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aff5a16a15e78832021-12-21 11:24:42.943root 11241100x8000000000000000526426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc784460d943212021-12-21 11:24:42.943root 11241100x8000000000000000526427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52b09112daaac4e2021-12-21 11:24:42.943root 11241100x8000000000000000526428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd0e59d63487ff72021-12-21 11:24:42.943root 11241100x8000000000000000526429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee902b299dd505632021-12-21 11:24:42.944root 11241100x8000000000000000526430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403b599e848a40bd2021-12-21 11:24:42.944root 11241100x8000000000000000526431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52e3a47e4e7e4a72021-12-21 11:24:42.944root 11241100x8000000000000000526432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02af6100bc10fbf32021-12-21 11:24:42.944root 11241100x8000000000000000526433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06f0657f8dc4cf02021-12-21 11:24:42.944root 11241100x8000000000000000526434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb830cc3a4439a52021-12-21 11:24:42.944root 11241100x8000000000000000526435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0b856e7c73e8852021-12-21 11:24:42.944root 11241100x8000000000000000526436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c429f2f0d2ceab2021-12-21 11:24:42.944root 11241100x8000000000000000526437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30010b9716ec8da52021-12-21 11:24:42.944root 11241100x8000000000000000526438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cac98240ba578002021-12-21 11:24:42.944root 11241100x8000000000000000526439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e9edf429b5e2ad2021-12-21 11:24:42.944root 11241100x8000000000000000526440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b2abe8c8d584092021-12-21 11:24:43.443root 11241100x8000000000000000526441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a737e9784f484c92021-12-21 11:24:43.443root 11241100x8000000000000000526442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d252c1688a71f0462021-12-21 11:24:43.443root 11241100x8000000000000000526443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702fd1e75128fbee2021-12-21 11:24:43.443root 11241100x8000000000000000526444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d2cf655e85d1792021-12-21 11:24:43.444root 11241100x8000000000000000526445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220d6ef440754742021-12-21 11:24:43.444root 11241100x8000000000000000526446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdec04427217b70b2021-12-21 11:24:43.444root 11241100x8000000000000000526447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe29b4b554b1c30c2021-12-21 11:24:43.444root 11241100x8000000000000000526448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505122adaeaed0822021-12-21 11:24:43.444root 11241100x8000000000000000526449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe937c3392e30a52021-12-21 11:24:43.444root 11241100x8000000000000000526450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb568f20843bc992021-12-21 11:24:43.444root 11241100x8000000000000000526451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e90320e1b48ca882021-12-21 11:24:43.444root 11241100x8000000000000000526452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2a719d1d2ff42c2021-12-21 11:24:43.444root 11241100x8000000000000000526453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb78d97d0b9bc682021-12-21 11:24:43.444root 11241100x8000000000000000526454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e63b9a2c081b832021-12-21 11:24:43.444root 11241100x8000000000000000526455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c013c5576f2f502021-12-21 11:24:43.444root 11241100x8000000000000000526456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd360ebc582690f62021-12-21 11:24:43.444root 11241100x8000000000000000526457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7f013a5ceff4d22021-12-21 11:24:43.943root 11241100x8000000000000000526458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d0f45027be7f4e2021-12-21 11:24:43.943root 11241100x8000000000000000526459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f484b2064961af62021-12-21 11:24:43.943root 11241100x8000000000000000526460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba493293dd9a2ff2021-12-21 11:24:43.943root 11241100x8000000000000000526461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c14edc9717971072021-12-21 11:24:43.944root 11241100x8000000000000000526462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1426a9ea3bfa42021-12-21 11:24:43.944root 11241100x8000000000000000526463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1125c49d3fdb846d2021-12-21 11:24:43.944root 11241100x8000000000000000526464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff34b2b6805945e2021-12-21 11:24:43.944root 11241100x8000000000000000526465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130058286c5340c92021-12-21 11:24:43.944root 11241100x8000000000000000526466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c25f7f67f57d662021-12-21 11:24:43.944root 11241100x8000000000000000526467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3ff536a24ada502021-12-21 11:24:43.944root 11241100x8000000000000000526468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4991ad7b4f34202021-12-21 11:24:43.944root 11241100x8000000000000000526469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2e4a69d28fbfea2021-12-21 11:24:43.944root 11241100x8000000000000000526470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097076d01253952d2021-12-21 11:24:43.944root 11241100x8000000000000000526471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfd23291ff190ff2021-12-21 11:24:43.944root 11241100x8000000000000000526472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6042d8ac5318412c2021-12-21 11:24:43.944root 11241100x8000000000000000526473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0537ecf936f946c2021-12-21 11:24:43.944root 354300x8000000000000000526474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.234{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48500-false10.0.1.12-8000- 11241100x8000000000000000526475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e2c2df9a5d35a62021-12-21 11:24:44.235root 11241100x8000000000000000526476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c8469e34eaae332021-12-21 11:24:44.235root 11241100x8000000000000000526477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4170fe13f7efcb802021-12-21 11:24:44.235root 11241100x8000000000000000526478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0584022f6603cd2021-12-21 11:24:44.235root 11241100x8000000000000000526479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2bcebd58bb7f6c2021-12-21 11:24:44.235root 11241100x8000000000000000526480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481bfd89c05fb2832021-12-21 11:24:44.235root 11241100x8000000000000000526481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74542fcb7089a5682021-12-21 11:24:44.235root 11241100x8000000000000000526482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931996a50ffac1d12021-12-21 11:24:44.235root 11241100x8000000000000000526483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead4174c457cde2a2021-12-21 11:24:44.235root 11241100x8000000000000000526484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b4d667595d72cf2021-12-21 11:24:44.235root 11241100x8000000000000000526485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1292b3a2b5f09052021-12-21 11:24:44.235root 11241100x8000000000000000526486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479ca23b594be1bb2021-12-21 11:24:44.236root 11241100x8000000000000000526487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a240f2fcc2314b2021-12-21 11:24:44.236root 11241100x8000000000000000526488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1b045e4dfa525e2021-12-21 11:24:44.236root 11241100x8000000000000000526489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806394a2f95d1b542021-12-21 11:24:44.236root 11241100x8000000000000000526490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3e7a3d3304e0ec2021-12-21 11:24:44.236root 11241100x8000000000000000526491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1bec33a1a0e7902021-12-21 11:24:44.236root 11241100x8000000000000000526492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb642d5997a4dc22021-12-21 11:24:44.236root 11241100x8000000000000000526493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6601f197c1d55bb32021-12-21 11:24:44.237root 11241100x8000000000000000526494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a215011f4c6fa7332021-12-21 11:24:44.237root 11241100x8000000000000000526495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f1b7787789375a2021-12-21 11:24:44.237root 11241100x8000000000000000526496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fc84fd5792689e2021-12-21 11:24:44.237root 11241100x8000000000000000526497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cba35e9a9c94ba2021-12-21 11:24:44.237root 11241100x8000000000000000526498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a72285c34a546792021-12-21 11:24:44.237root 11241100x8000000000000000526499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623d6989246552442021-12-21 11:24:44.237root 11241100x8000000000000000526500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459ad9c8e00ded8d2021-12-21 11:24:44.238root 11241100x8000000000000000526501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0ecaecfd8c4c5a2021-12-21 11:24:44.238root 11241100x8000000000000000526502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924fd8e0a3e6b11d2021-12-21 11:24:44.238root 11241100x8000000000000000526503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48afb38929d80b9d2021-12-21 11:24:44.238root 11241100x8000000000000000526504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81672b38c7a8a6d32021-12-21 11:24:44.239root 11241100x8000000000000000526505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae73f3a50d5c9c42021-12-21 11:24:44.239root 11241100x8000000000000000526506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71060e18a998def42021-12-21 11:24:44.239root 11241100x8000000000000000526507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab72e5c6be95b472021-12-21 11:24:44.239root 11241100x8000000000000000526508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00085e26d4e077bc2021-12-21 11:24:44.240root 11241100x8000000000000000526509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270f4d12a997a7ed2021-12-21 11:24:44.693root 11241100x8000000000000000526510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bac4e98eeec470b2021-12-21 11:24:44.693root 11241100x8000000000000000526511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da4539e273e93a2021-12-21 11:24:44.693root 11241100x8000000000000000526512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e6eec86fe360da2021-12-21 11:24:44.693root 11241100x8000000000000000526513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a0f4c94ddefe8e2021-12-21 11:24:44.693root 11241100x8000000000000000526514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e02c1ee95cbad322021-12-21 11:24:44.693root 11241100x8000000000000000526515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233163a5150001762021-12-21 11:24:44.694root 11241100x8000000000000000526516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcad638084975172021-12-21 11:24:44.694root 11241100x8000000000000000526517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7efa11b6591a37c2021-12-21 11:24:44.694root 11241100x8000000000000000526518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592b65e60c9bf5842021-12-21 11:24:44.694root 11241100x8000000000000000526519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e5d2181a3c122f2021-12-21 11:24:44.694root 11241100x8000000000000000526520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1635737c7a5f50fd2021-12-21 11:24:44.694root 11241100x8000000000000000526521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d54517ace62647f2021-12-21 11:24:44.694root 11241100x8000000000000000526522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af731a0abf3c176a2021-12-21 11:24:44.694root 11241100x8000000000000000526523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e637401e2a40793d2021-12-21 11:24:44.694root 11241100x8000000000000000526524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7504dc1383fde08c2021-12-21 11:24:44.694root 11241100x8000000000000000526525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac2f6a99ef18dd2021-12-21 11:24:44.694root 11241100x8000000000000000526526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f70ca1ed8e308022021-12-21 11:24:44.694root 11241100x8000000000000000526527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a8daecaa67f0d2021-12-21 11:24:45.193root 11241100x8000000000000000526528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde13cecc09507b72021-12-21 11:24:45.193root 11241100x8000000000000000526529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d14068bf27c8c332021-12-21 11:24:45.193root 11241100x8000000000000000526530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb7b52e9a19c812021-12-21 11:24:45.193root 11241100x8000000000000000526531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf480804bb97812021-12-21 11:24:45.193root 11241100x8000000000000000526532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c27460b91fc66f2021-12-21 11:24:45.193root 11241100x8000000000000000526533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff32c8206afc5c82021-12-21 11:24:45.194root 11241100x8000000000000000526534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92388c9a2d034afd2021-12-21 11:24:45.194root 11241100x8000000000000000526535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e63111909cf992021-12-21 11:24:45.194root 11241100x8000000000000000526536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2e9fe95733b8df2021-12-21 11:24:45.194root 11241100x8000000000000000526537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27201b20fdc746d2021-12-21 11:24:45.194root 11241100x8000000000000000526538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9604009009fabf2021-12-21 11:24:45.194root 11241100x8000000000000000526539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb40f3d61b4b2932021-12-21 11:24:45.194root 11241100x8000000000000000526540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be0669938e917102021-12-21 11:24:45.194root 11241100x8000000000000000526541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721ccefe13f067fa2021-12-21 11:24:45.194root 11241100x8000000000000000526542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7c4e531d0b7b252021-12-21 11:24:45.194root 11241100x8000000000000000526543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dae525a76665342021-12-21 11:24:45.194root 11241100x8000000000000000526544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d93e00a234176d2021-12-21 11:24:45.194root 11241100x8000000000000000526545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec05a9cae93420c2021-12-21 11:24:45.693root 11241100x8000000000000000526546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05898772199cf87f2021-12-21 11:24:45.693root 11241100x8000000000000000526547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa01796e05f119f2021-12-21 11:24:45.693root 11241100x8000000000000000526548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c608ab8c2a3e3b72021-12-21 11:24:45.693root 11241100x8000000000000000526549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b9b6729c3f6ba52021-12-21 11:24:45.693root 11241100x8000000000000000526550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c9463d72d683222021-12-21 11:24:45.694root 11241100x8000000000000000526551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caae492ee0f8bf142021-12-21 11:24:45.694root 11241100x8000000000000000526552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35160698c29e3e182021-12-21 11:24:45.694root 11241100x8000000000000000526553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e6f734da271022021-12-21 11:24:45.694root 11241100x8000000000000000526554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfa5d507d2c77292021-12-21 11:24:45.694root 11241100x8000000000000000526555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7fe3b175c6b3ca2021-12-21 11:24:45.694root 11241100x8000000000000000526556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cea9ec72a43dc7b2021-12-21 11:24:45.694root 11241100x8000000000000000526557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adf16fa6b8cc4072021-12-21 11:24:45.694root 11241100x8000000000000000526558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97631065eabb76952021-12-21 11:24:45.694root 11241100x8000000000000000526559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6f1ec90d6250f62021-12-21 11:24:45.694root 11241100x8000000000000000526560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65afbf33d931cc752021-12-21 11:24:45.694root 11241100x8000000000000000526561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1050efba86e5b5412021-12-21 11:24:45.694root 11241100x8000000000000000526562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1876bdd908abc612021-12-21 11:24:45.695root 11241100x8000000000000000526563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324973f32a34a74c2021-12-21 11:24:46.193root 11241100x8000000000000000526564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2d4ec4bc3763052021-12-21 11:24:46.193root 11241100x8000000000000000526565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d9d562365709702021-12-21 11:24:46.193root 11241100x8000000000000000526566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500d803d0eb98d272021-12-21 11:24:46.193root 11241100x8000000000000000526567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69927f524a0e751d2021-12-21 11:24:46.194root 11241100x8000000000000000526568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e925d3aa7da3ac2021-12-21 11:24:46.194root 11241100x8000000000000000526569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22538fc212e64af42021-12-21 11:24:46.194root 11241100x8000000000000000526570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ec4d5d52180e392021-12-21 11:24:46.194root 11241100x8000000000000000526571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70293a61bb2db882021-12-21 11:24:46.194root 11241100x8000000000000000526572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f650bf6e85b9ec2021-12-21 11:24:46.194root 11241100x8000000000000000526573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dead3d755dc8b4d52021-12-21 11:24:46.194root 11241100x8000000000000000526574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7c6875b95dc2882021-12-21 11:24:46.194root 11241100x8000000000000000526575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ebf2c94f15720e2021-12-21 11:24:46.194root 11241100x8000000000000000526576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7335c5b4307a239d2021-12-21 11:24:46.194root 11241100x8000000000000000526577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35541c87c2cd12dc2021-12-21 11:24:46.194root 11241100x8000000000000000526578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9999e4598f76f242021-12-21 11:24:46.194root 11241100x8000000000000000526579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd460ae1ff62d4b2021-12-21 11:24:46.194root 11241100x8000000000000000526580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2745640cd10de25a2021-12-21 11:24:46.194root 11241100x8000000000000000526581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51952d5d1e21af62021-12-21 11:24:46.693root 11241100x8000000000000000526582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa60235a07eeecf32021-12-21 11:24:46.693root 11241100x8000000000000000526583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f06cfffb21a9ee2021-12-21 11:24:46.693root 11241100x8000000000000000526584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512f2bfab15ade462021-12-21 11:24:46.693root 11241100x8000000000000000526585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759ec94842b30a162021-12-21 11:24:46.693root 11241100x8000000000000000526586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba5bf6bc53a83952021-12-21 11:24:46.694root 11241100x8000000000000000526587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5eb7feb5f09d4f2021-12-21 11:24:46.694root 11241100x8000000000000000526588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b9cd51f45c986f2021-12-21 11:24:46.694root 11241100x8000000000000000526589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b37bbb0fb37b9ee2021-12-21 11:24:46.694root 11241100x8000000000000000526590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb6e31a628e6c52021-12-21 11:24:46.694root 11241100x8000000000000000526591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfb39f87ae55a3b2021-12-21 11:24:46.694root 11241100x8000000000000000526592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed181e1af74205ca2021-12-21 11:24:46.694root 11241100x8000000000000000526593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b911dfec53892f02021-12-21 11:24:46.694root 11241100x8000000000000000526594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2026395a54f3e1132021-12-21 11:24:46.694root 11241100x8000000000000000526595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4180800c2f76beef2021-12-21 11:24:46.694root 11241100x8000000000000000526596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f11bb2a532a77b2021-12-21 11:24:46.694root 11241100x8000000000000000526597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e6f3d1a35aea8b2021-12-21 11:24:46.694root 11241100x8000000000000000526598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee47e2838b96d43e2021-12-21 11:24:46.694root 11241100x8000000000000000526599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f32182fe75763e2021-12-21 11:24:47.193root 11241100x8000000000000000526600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.face4a41b5aa89dc2021-12-21 11:24:47.193root 11241100x8000000000000000526601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a3f0609ccdd28c2021-12-21 11:24:47.193root 11241100x8000000000000000526602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24dd5ca89cb90c02021-12-21 11:24:47.193root 11241100x8000000000000000526603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5727ccf61ef371472021-12-21 11:24:47.193root 11241100x8000000000000000526604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363ff5eafcb07ad2021-12-21 11:24:47.194root 11241100x8000000000000000526605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc723afc2a82ca32021-12-21 11:24:47.194root 11241100x8000000000000000526606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62761283c953c9072021-12-21 11:24:47.194root 11241100x8000000000000000526607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394db3aa9336a7982021-12-21 11:24:47.194root 11241100x8000000000000000526608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136d34221b62ae902021-12-21 11:24:47.194root 11241100x8000000000000000526609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63291d48771eb7022021-12-21 11:24:47.194root 11241100x8000000000000000526610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cab2eaf573fdba2021-12-21 11:24:47.194root 11241100x8000000000000000526611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46daf2d84a55b93d2021-12-21 11:24:47.194root 11241100x8000000000000000526612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed438054c48ac142021-12-21 11:24:47.194root 11241100x8000000000000000526613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b9f09bcfe4adaf2021-12-21 11:24:47.194root 11241100x8000000000000000526614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018f053426997ea72021-12-21 11:24:47.195root 11241100x8000000000000000526615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db739703528cecd2021-12-21 11:24:47.195root 11241100x8000000000000000526616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b006bb5f999102021-12-21 11:24:47.195root 11241100x8000000000000000526617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f744b42a49db10c62021-12-21 11:24:47.693root 11241100x8000000000000000526618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8e6c8691621852021-12-21 11:24:47.693root 11241100x8000000000000000526619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa1c68cfefd8dfb2021-12-21 11:24:47.694root 11241100x8000000000000000526620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0c38662b29a1952021-12-21 11:24:47.694root 11241100x8000000000000000526621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8e0d2cd3b24e122021-12-21 11:24:47.694root 11241100x8000000000000000526622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353f8dd4cb4177762021-12-21 11:24:47.694root 11241100x8000000000000000526623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e28bcf57850ac22021-12-21 11:24:47.694root 11241100x8000000000000000526624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4014f9bde4952e62021-12-21 11:24:47.694root 11241100x8000000000000000526625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913f84cc0c0e49572021-12-21 11:24:47.694root 11241100x8000000000000000526626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ba0006153cfc4d2021-12-21 11:24:47.694root 11241100x8000000000000000526627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb7f4eff50d71fb2021-12-21 11:24:47.694root 11241100x8000000000000000526628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10af38c2a238eef22021-12-21 11:24:47.694root 11241100x8000000000000000526629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3777a5526ed9872021-12-21 11:24:47.695root 11241100x8000000000000000526630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b951a6a3b653bed2021-12-21 11:24:47.695root 11241100x8000000000000000526631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533c9c6c7b47e62c2021-12-21 11:24:47.695root 11241100x8000000000000000526632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a2285123b3195e2021-12-21 11:24:47.695root 11241100x8000000000000000526633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bcca3df396a9622021-12-21 11:24:47.695root 11241100x8000000000000000526634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4fed9a74256b8b2021-12-21 11:24:47.695root 11241100x8000000000000000526635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9d7eae73dfa3822021-12-21 11:24:48.193root 11241100x8000000000000000526636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ce013a06aec5d52021-12-21 11:24:48.193root 11241100x8000000000000000526637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050cac8a55ce44882021-12-21 11:24:48.193root 11241100x8000000000000000526638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7b7b8638a894ee2021-12-21 11:24:48.193root 11241100x8000000000000000526639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df1e024477195282021-12-21 11:24:48.193root 11241100x8000000000000000526640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f5a59ce0288892021-12-21 11:24:48.194root 11241100x8000000000000000526641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02324323d5e4f08c2021-12-21 11:24:48.194root 11241100x8000000000000000526642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8e844875d5aa552021-12-21 11:24:48.194root 11241100x8000000000000000526643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9a6f432aa68e382021-12-21 11:24:48.194root 11241100x8000000000000000526644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e572bca35e7b0e732021-12-21 11:24:48.194root 11241100x8000000000000000526645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ce16272691bf5a2021-12-21 11:24:48.194root 11241100x8000000000000000526646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3d34eeb5db3d72021-12-21 11:24:48.194root 11241100x8000000000000000526647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25c31836a52aa192021-12-21 11:24:48.194root 11241100x8000000000000000526648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7939ddc449660a82021-12-21 11:24:48.194root 11241100x8000000000000000526649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b05c60b355d320e2021-12-21 11:24:48.194root 11241100x8000000000000000526650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1b3a12b4a85042021-12-21 11:24:48.194root 11241100x8000000000000000526651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c198015998200a2021-12-21 11:24:48.194root 11241100x8000000000000000526652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5145847fe22d292021-12-21 11:24:48.194root 11241100x8000000000000000526653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540a26fde0eeedb82021-12-21 11:24:48.693root 11241100x8000000000000000526654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dfc334bc2940932021-12-21 11:24:48.693root 11241100x8000000000000000526655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c02c3dc76d070242021-12-21 11:24:48.693root 11241100x8000000000000000526656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f87b525ec161392021-12-21 11:24:48.694root 11241100x8000000000000000526657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6741fe8c36391c82021-12-21 11:24:48.694root 11241100x8000000000000000526658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3461a7bf8ebdad2021-12-21 11:24:48.694root 11241100x8000000000000000526659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612ee2d9b094c7582021-12-21 11:24:48.694root 11241100x8000000000000000526660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8977b6b3b84238d22021-12-21 11:24:48.694root 11241100x8000000000000000526661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb63fe86fde3fe2021-12-21 11:24:48.694root 11241100x8000000000000000526662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7343df6c756951d2021-12-21 11:24:48.694root 11241100x8000000000000000526663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a00f3b8b5f236b42021-12-21 11:24:48.694root 11241100x8000000000000000526664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1cd08db5010a5b2021-12-21 11:24:48.694root 11241100x8000000000000000526665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2a383cd71e12fd2021-12-21 11:24:48.694root 11241100x8000000000000000526666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1cca5d575b294b2021-12-21 11:24:48.694root 11241100x8000000000000000526667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607d5e693ea3a88c2021-12-21 11:24:48.694root 11241100x8000000000000000526668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3321ae6f563aa9c22021-12-21 11:24:48.694root 11241100x8000000000000000526669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a9bdd0d5a7aef92021-12-21 11:24:48.694root 11241100x8000000000000000526670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7155b7965fc698a2021-12-21 11:24:48.694root 11241100x8000000000000000526671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91ae54dd56642212021-12-21 11:24:49.193root 11241100x8000000000000000526672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2538096d98a9f6c52021-12-21 11:24:49.193root 11241100x8000000000000000526673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946566b736a74f392021-12-21 11:24:49.193root 11241100x8000000000000000526674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47820b01cb2e9ea32021-12-21 11:24:49.193root 11241100x8000000000000000526675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a9390ae901a08a2021-12-21 11:24:49.194root 11241100x8000000000000000526676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caead77db7593592021-12-21 11:24:49.194root 11241100x8000000000000000526677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116f36295ab28dac2021-12-21 11:24:49.194root 11241100x8000000000000000526678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336c803d4a4cfa882021-12-21 11:24:49.194root 11241100x8000000000000000526679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9708ff4c6a59202021-12-21 11:24:49.194root 11241100x8000000000000000526680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c92639621960ee2021-12-21 11:24:49.194root 11241100x8000000000000000526681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b46d591fc6830fe2021-12-21 11:24:49.194root 11241100x8000000000000000526682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462b5c680bbb55662021-12-21 11:24:49.194root 11241100x8000000000000000526683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfc8d931adb0cf52021-12-21 11:24:49.194root 11241100x8000000000000000526684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766bd3286d2894132021-12-21 11:24:49.194root 11241100x8000000000000000526685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446df6afc85185282021-12-21 11:24:49.194root 11241100x8000000000000000526686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e408f79c72ba612021-12-21 11:24:49.194root 11241100x8000000000000000526687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878aba7240eb56502021-12-21 11:24:49.194root 11241100x8000000000000000526688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e08c5c76945b382021-12-21 11:24:49.194root 11241100x8000000000000000526689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6331bf096eff0182021-12-21 11:24:49.692root 11241100x8000000000000000526690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea8c1c68294aa82021-12-21 11:24:49.693root 11241100x8000000000000000526691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449886c91daf43682021-12-21 11:24:49.693root 11241100x8000000000000000526692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24efd296e290111a2021-12-21 11:24:49.693root 11241100x8000000000000000526693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c3c5d72278e882021-12-21 11:24:49.693root 11241100x8000000000000000526694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb15e7cfdeb50e82021-12-21 11:24:49.694root 11241100x8000000000000000526695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5592df7265e0942021-12-21 11:24:49.694root 11241100x8000000000000000526696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf24daaa308f17e2021-12-21 11:24:49.694root 11241100x8000000000000000526697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef643a719aabf0f72021-12-21 11:24:49.694root 11241100x8000000000000000526698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32faba7f13fcd7672021-12-21 11:24:49.694root 11241100x8000000000000000526699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ae2ac62644a4162021-12-21 11:24:49.695root 11241100x8000000000000000526700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b00e088635fa5132021-12-21 11:24:49.695root 11241100x8000000000000000526701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abbf61996190d2b2021-12-21 11:24:49.695root 11241100x8000000000000000526702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a3ba52f010c8e02021-12-21 11:24:49.695root 11241100x8000000000000000526703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe919713a8644732021-12-21 11:24:49.695root 11241100x8000000000000000526704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2122ac3f972feb7e2021-12-21 11:24:49.696root 11241100x8000000000000000526705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447d8ba8f60868582021-12-21 11:24:49.697root 11241100x8000000000000000526706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb51323e5ac11472021-12-21 11:24:49.697root 11241100x8000000000000000526707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe7aa5d80ecc8de2021-12-21 11:24:49.698root 11241100x8000000000000000526708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f835f53e3b08c2021-12-21 11:24:49.699root 11241100x8000000000000000526709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020bdb4d23f943742021-12-21 11:24:49.699root 11241100x8000000000000000526710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:49.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ccac117a898ce32021-12-21 11:24:49.699root 354300x8000000000000000526711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.174{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48502-false10.0.1.12-8000- 11241100x8000000000000000526712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad0f1bfaad436452021-12-21 11:24:50.175root 11241100x8000000000000000526713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f90c8331a0f82a72021-12-21 11:24:50.175root 11241100x8000000000000000526714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c9be7fde4109862021-12-21 11:24:50.175root 11241100x8000000000000000526715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e9386812893ef22021-12-21 11:24:50.175root 11241100x8000000000000000526716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473c30f495a16fa92021-12-21 11:24:50.175root 11241100x8000000000000000526717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e79c4dc8e4fa842021-12-21 11:24:50.175root 11241100x8000000000000000526718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a55626e6c3fd322021-12-21 11:24:50.176root 11241100x8000000000000000526719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929e2538b36de8322021-12-21 11:24:50.176root 11241100x8000000000000000526720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3a33e56dc883a92021-12-21 11:24:50.176root 11241100x8000000000000000526721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2817e1812a2e58c2021-12-21 11:24:50.176root 11241100x8000000000000000526722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5680a0ba5ccd0372021-12-21 11:24:50.176root 11241100x8000000000000000526723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017b78a488ff26472021-12-21 11:24:50.176root 11241100x8000000000000000526724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499a36bfc1b41ea72021-12-21 11:24:50.176root 11241100x8000000000000000526725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029d23cdcd8f32822021-12-21 11:24:50.176root 11241100x8000000000000000526726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c9d75318998f522021-12-21 11:24:50.176root 11241100x8000000000000000526727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0921e1f47c813762021-12-21 11:24:50.176root 11241100x8000000000000000526728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72e1a12f7860f122021-12-21 11:24:50.176root 11241100x8000000000000000526729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d2f743fb0145dd2021-12-21 11:24:50.176root 11241100x8000000000000000526730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a56ccdf335645c2021-12-21 11:24:50.176root 11241100x8000000000000000526731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c6f81d045c4d652021-12-21 11:24:50.443root 11241100x8000000000000000526732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3290741910ebad9b2021-12-21 11:24:50.443root 11241100x8000000000000000526733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5097f4504994162021-12-21 11:24:50.443root 11241100x8000000000000000526734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022d8726fd9f7b1d2021-12-21 11:24:50.443root 11241100x8000000000000000526735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c6d4dffc0ca6482021-12-21 11:24:50.443root 11241100x8000000000000000526736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1dff9dab3f467a2021-12-21 11:24:50.444root 11241100x8000000000000000526737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a40673d621f1f52021-12-21 11:24:50.444root 11241100x8000000000000000526738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb158b3d26ec6d92021-12-21 11:24:50.444root 11241100x8000000000000000526739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0120cab1b3cc7ba02021-12-21 11:24:50.444root 11241100x8000000000000000526740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7612b06a811454f2021-12-21 11:24:50.444root 11241100x8000000000000000526741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ca34d239bb4ec82021-12-21 11:24:50.444root 11241100x8000000000000000526742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde9a6da2db621d52021-12-21 11:24:50.444root 11241100x8000000000000000526743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc89041b403bc1b42021-12-21 11:24:50.444root 11241100x8000000000000000526744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ff6aecf5f019b02021-12-21 11:24:50.444root 11241100x8000000000000000526745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435258ad4870fd2c2021-12-21 11:24:50.444root 11241100x8000000000000000526746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c74c56b01e44ba52021-12-21 11:24:50.444root 11241100x8000000000000000526747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10869fa96f03d3cf2021-12-21 11:24:50.444root 11241100x8000000000000000526748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029d74d57129162a2021-12-21 11:24:50.444root 11241100x8000000000000000526749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729a2a9b0bab76992021-12-21 11:24:50.444root 11241100x8000000000000000526750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e59a6aa300add22021-12-21 11:24:50.943root 11241100x8000000000000000526751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62e788e080d111f2021-12-21 11:24:50.943root 11241100x8000000000000000526752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9d8bab311a2f522021-12-21 11:24:50.943root 11241100x8000000000000000526753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a300c09425c7c722021-12-21 11:24:50.943root 11241100x8000000000000000526754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f966fd10f04242021-12-21 11:24:50.944root 11241100x8000000000000000526755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff011b3c53daedf62021-12-21 11:24:50.944root 11241100x8000000000000000526756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35efd36ede1a69002021-12-21 11:24:50.944root 11241100x8000000000000000526757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58e05ad3e89bd042021-12-21 11:24:50.944root 11241100x8000000000000000526758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb7d51b4ad528382021-12-21 11:24:50.944root 11241100x8000000000000000526759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b92034746c9a532021-12-21 11:24:50.944root 11241100x8000000000000000526760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4350d9de26cc7d2021-12-21 11:24:50.944root 11241100x8000000000000000526761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2cc09d5e9774712021-12-21 11:24:50.944root 11241100x8000000000000000526762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497ee84a251c6efc2021-12-21 11:24:50.944root 11241100x8000000000000000526763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a791a36359f75462021-12-21 11:24:50.944root 11241100x8000000000000000526764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198509371cd967052021-12-21 11:24:50.944root 11241100x8000000000000000526765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0138470b3868850d2021-12-21 11:24:50.944root 11241100x8000000000000000526766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e670c660d30ef7442021-12-21 11:24:50.944root 11241100x8000000000000000526767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab85143d47cf75072021-12-21 11:24:50.945root 11241100x8000000000000000526768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b223e90c77c4cbd2021-12-21 11:24:50.945root 11241100x8000000000000000526769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8156128935b525842021-12-21 11:24:51.443root 11241100x8000000000000000526770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db047baad72284312021-12-21 11:24:51.443root 11241100x8000000000000000526771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e652b01b6366a32021-12-21 11:24:51.444root 11241100x8000000000000000526772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c6900a6091e15e2021-12-21 11:24:51.444root 11241100x8000000000000000526773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b4b28911473082021-12-21 11:24:51.444root 11241100x8000000000000000526774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c420c763af3fecec2021-12-21 11:24:51.444root 11241100x8000000000000000526775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9684174def66adc82021-12-21 11:24:51.444root 11241100x8000000000000000526776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca8f3dab0b66d512021-12-21 11:24:51.444root 11241100x8000000000000000526777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b084b88b93083672021-12-21 11:24:51.444root 11241100x8000000000000000526778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1960a042dd65672021-12-21 11:24:51.444root 11241100x8000000000000000526779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ecc5b0913eff562021-12-21 11:24:51.444root 11241100x8000000000000000526780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78033e99c35d622021-12-21 11:24:51.444root 11241100x8000000000000000526781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebc3ebe2f88cf4d2021-12-21 11:24:51.444root 11241100x8000000000000000526782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e729639f1c11ba352021-12-21 11:24:51.444root 11241100x8000000000000000526783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1becacf6fecde1282021-12-21 11:24:51.444root 11241100x8000000000000000526784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90adaa28c911f0212021-12-21 11:24:51.444root 11241100x8000000000000000526785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ba390a7730b8e2021-12-21 11:24:51.444root 11241100x8000000000000000526786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6add5fa6ea6437742021-12-21 11:24:51.445root 11241100x8000000000000000526787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b9c8f54a267cb22021-12-21 11:24:51.445root 11241100x8000000000000000526788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea8132fa4fe33b2021-12-21 11:24:51.943root 11241100x8000000000000000526789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725bbd1dee9976bc2021-12-21 11:24:51.943root 11241100x8000000000000000526790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e480ad9bca2e252021-12-21 11:24:51.943root 11241100x8000000000000000526791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc30c453d979711b2021-12-21 11:24:51.943root 11241100x8000000000000000526792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3c5449f85083942021-12-21 11:24:51.944root 11241100x8000000000000000526793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5ad32a262281392021-12-21 11:24:51.944root 11241100x8000000000000000526794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9814f9cbe9941c852021-12-21 11:24:51.944root 11241100x8000000000000000526795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9fdb5b695f3c52021-12-21 11:24:51.944root 11241100x8000000000000000526796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c36682429eff17f2021-12-21 11:24:51.944root 11241100x8000000000000000526797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9eae076251c5cc2021-12-21 11:24:51.944root 11241100x8000000000000000526798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00cef506362d2ac2021-12-21 11:24:51.944root 11241100x8000000000000000526799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a24f24b679ccb92021-12-21 11:24:51.944root 11241100x8000000000000000526800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c0a77294ac50472021-12-21 11:24:51.944root 11241100x8000000000000000526801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eeb73584e884602021-12-21 11:24:51.944root 11241100x8000000000000000526802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6286dd1a11eb1e2021-12-21 11:24:51.944root 11241100x8000000000000000526803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8375c177b597562021-12-21 11:24:51.944root 11241100x8000000000000000526804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d2c8b1a19847ca2021-12-21 11:24:51.944root 11241100x8000000000000000526805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311c7d2a09232f252021-12-21 11:24:51.944root 11241100x8000000000000000526806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d2afbfce0a65902021-12-21 11:24:51.944root 11241100x8000000000000000526807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a906594734f92de82021-12-21 11:24:52.443root 11241100x8000000000000000526808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a7e92997c67be82021-12-21 11:24:52.443root 11241100x8000000000000000526809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e973037521800d2021-12-21 11:24:52.443root 11241100x8000000000000000526810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f021b8d8c3ac9e32021-12-21 11:24:52.443root 11241100x8000000000000000526811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90f02662528b0e2021-12-21 11:24:52.444root 11241100x8000000000000000526812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d865b98e508773932021-12-21 11:24:52.444root 11241100x8000000000000000526813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0b6b07821ca65e2021-12-21 11:24:52.444root 11241100x8000000000000000526814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5618ff626f633f772021-12-21 11:24:52.444root 11241100x8000000000000000526815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd4ebbfdbce4aa42021-12-21 11:24:52.444root 11241100x8000000000000000526816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a492adb3d12898832021-12-21 11:24:52.444root 11241100x8000000000000000526817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf58cd5a8c56a072021-12-21 11:24:52.444root 11241100x8000000000000000526818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db70389d5a1046c2021-12-21 11:24:52.444root 11241100x8000000000000000526819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d90be97d319a5d2021-12-21 11:24:52.444root 11241100x8000000000000000526820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b43cc14a457f58c2021-12-21 11:24:52.444root 11241100x8000000000000000526821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab6285357671ad32021-12-21 11:24:52.444root 11241100x8000000000000000526822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f17a6f641c8242021-12-21 11:24:52.445root 11241100x8000000000000000526823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8ba964729ec0a72021-12-21 11:24:52.445root 11241100x8000000000000000526824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17df25f061863202021-12-21 11:24:52.445root 11241100x8000000000000000526825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbbb447a6dda13e2021-12-21 11:24:52.445root 11241100x8000000000000000526826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe66dae1e58d0482021-12-21 11:24:52.943root 11241100x8000000000000000526827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b9a705cac124d2021-12-21 11:24:52.943root 11241100x8000000000000000526828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3686dd51be4b34642021-12-21 11:24:52.943root 11241100x8000000000000000526829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbff1e135a416292021-12-21 11:24:52.944root 11241100x8000000000000000526830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed413058f89f29332021-12-21 11:24:52.944root 11241100x8000000000000000526831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dad433b0cda862d2021-12-21 11:24:52.944root 11241100x8000000000000000526832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc505ba3845ece912021-12-21 11:24:52.944root 11241100x8000000000000000526833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e44417e9c7631702021-12-21 11:24:52.944root 11241100x8000000000000000526834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad9654eded6b88b2021-12-21 11:24:52.944root 11241100x8000000000000000526835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09f84b1b08d3d962021-12-21 11:24:52.944root 11241100x8000000000000000526836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566eac735011a11a2021-12-21 11:24:52.944root 11241100x8000000000000000526837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e534644892930802021-12-21 11:24:52.944root 11241100x8000000000000000526838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416d6ef6502b05b92021-12-21 11:24:52.944root 11241100x8000000000000000526839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e4b3421d8545832021-12-21 11:24:52.944root 11241100x8000000000000000526840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68bf5b425978d1e2021-12-21 11:24:52.944root 11241100x8000000000000000526841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5298347aba783f72021-12-21 11:24:52.944root 11241100x8000000000000000526842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dba48bb4f26b8272021-12-21 11:24:52.944root 11241100x8000000000000000526843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fe251dd1ac553f2021-12-21 11:24:52.945root 11241100x8000000000000000526844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe0cf1d1e86d5e62021-12-21 11:24:52.945root 11241100x8000000000000000526845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edcecf768757cc22021-12-21 11:24:53.443root 11241100x8000000000000000526846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980c6c2920f3c7452021-12-21 11:24:53.443root 11241100x8000000000000000526847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba0fce7ff31a1e82021-12-21 11:24:53.443root 11241100x8000000000000000526848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668616f6b1cbdf622021-12-21 11:24:53.443root 11241100x8000000000000000526849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a406579ac7afa02021-12-21 11:24:53.444root 11241100x8000000000000000526850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b45252ff3d1a5382021-12-21 11:24:53.444root 11241100x8000000000000000526851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fbde4734836b952021-12-21 11:24:53.444root 11241100x8000000000000000526852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d939162959b7a92021-12-21 11:24:53.444root 11241100x8000000000000000526853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea2a38f33cb97e92021-12-21 11:24:53.444root 11241100x8000000000000000526854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc4ce9e2d2616be2021-12-21 11:24:53.444root 11241100x8000000000000000526855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b36c168bed5e9a62021-12-21 11:24:53.444root 11241100x8000000000000000526856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b79c4c84804fc2021-12-21 11:24:53.444root 11241100x8000000000000000526857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154976e32c07c892021-12-21 11:24:53.444root 11241100x8000000000000000526858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeb8726fa3120b72021-12-21 11:24:53.444root 11241100x8000000000000000526859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b339ed36ddd9722021-12-21 11:24:53.444root 11241100x8000000000000000526860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41bbe8645543ff12021-12-21 11:24:53.444root 11241100x8000000000000000526861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b115eb1df0a5092021-12-21 11:24:53.444root 11241100x8000000000000000526862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52809ab69cc68ca42021-12-21 11:24:53.444root 11241100x8000000000000000526863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2bdd0f7742241b2021-12-21 11:24:53.444root 11241100x8000000000000000526864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545b6637818c5dea2021-12-21 11:24:53.943root 11241100x8000000000000000526865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a8dc8f08d3ffc22021-12-21 11:24:53.943root 11241100x8000000000000000526866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62268a6f642a7ffe2021-12-21 11:24:53.943root 11241100x8000000000000000526867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33887eaa2345d7762021-12-21 11:24:53.943root 11241100x8000000000000000526868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e99640bbd43d812021-12-21 11:24:53.944root 11241100x8000000000000000526869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb1a4f8bbf3bc5f2021-12-21 11:24:53.944root 11241100x8000000000000000526870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0601e7c0f3db702021-12-21 11:24:53.944root 11241100x8000000000000000526871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c946c850ab723192021-12-21 11:24:53.944root 11241100x8000000000000000526872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3650c6c32a0372ac2021-12-21 11:24:53.944root 11241100x8000000000000000526873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97802be0254ef91d2021-12-21 11:24:53.944root 11241100x8000000000000000526874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cae4a2800d21c02021-12-21 11:24:53.944root 11241100x8000000000000000526875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9547600780e5ef512021-12-21 11:24:53.944root 11241100x8000000000000000526876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0326ed441cdfe9e02021-12-21 11:24:53.944root 11241100x8000000000000000526877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba766421299988bd2021-12-21 11:24:53.944root 11241100x8000000000000000526878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d871301855a973d2021-12-21 11:24:53.944root 11241100x8000000000000000526879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abbce3069172a3b2021-12-21 11:24:53.944root 11241100x8000000000000000526880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c240824a443e962021-12-21 11:24:53.944root 11241100x8000000000000000526881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166e8a0e118d44eb2021-12-21 11:24:53.944root 11241100x8000000000000000526882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07641b1da0588692021-12-21 11:24:53.944root 11241100x8000000000000000526883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d49ad63571c48a62021-12-21 11:24:54.443root 11241100x8000000000000000526884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87240173f6b7c3c2021-12-21 11:24:54.444root 11241100x8000000000000000526885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b70a9d97168bed22021-12-21 11:24:54.444root 11241100x8000000000000000526886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5b7f8c394c4b892021-12-21 11:24:54.444root 11241100x8000000000000000526887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f300fb3aa384652021-12-21 11:24:54.444root 11241100x8000000000000000526888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57b113c23c787a82021-12-21 11:24:54.444root 11241100x8000000000000000526889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08ea336e523c9a32021-12-21 11:24:54.444root 11241100x8000000000000000526890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d8492535b153c22021-12-21 11:24:54.445root 11241100x8000000000000000526891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2a914b36da740d2021-12-21 11:24:54.445root 11241100x8000000000000000526892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3789a46255edea72021-12-21 11:24:54.445root 11241100x8000000000000000526893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9654851abed3311a2021-12-21 11:24:54.445root 11241100x8000000000000000526894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d33454c7004707a2021-12-21 11:24:54.445root 11241100x8000000000000000526895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f668e0c06dbedcb12021-12-21 11:24:54.446root 11241100x8000000000000000526896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e062ea7d2ea6eaa2021-12-21 11:24:54.446root 11241100x8000000000000000526897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb946192157c0c742021-12-21 11:24:54.446root 11241100x8000000000000000526898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f892b411b6541d42021-12-21 11:24:54.446root 11241100x8000000000000000526899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f747a5aebf764a2021-12-21 11:24:54.446root 11241100x8000000000000000526900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c41844d19978e42021-12-21 11:24:54.446root 11241100x8000000000000000526901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ceace03b3eae7b2021-12-21 11:24:54.446root 11241100x8000000000000000526902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d695ba18e90853152021-12-21 11:24:54.943root 11241100x8000000000000000526903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f44f0cdfc0f6a6c2021-12-21 11:24:54.944root 11241100x8000000000000000526904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49024f09ba0a272021-12-21 11:24:54.944root 11241100x8000000000000000526905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6e391710add4a72021-12-21 11:24:54.944root 11241100x8000000000000000526906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70f5604a207c7592021-12-21 11:24:54.944root 11241100x8000000000000000526907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6f1cfff7f08c5d2021-12-21 11:24:54.944root 11241100x8000000000000000526908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc22f001fdace7bf2021-12-21 11:24:54.944root 11241100x8000000000000000526909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e28739f3b13b672021-12-21 11:24:54.944root 11241100x8000000000000000526910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba48bae5060446c2021-12-21 11:24:54.944root 11241100x8000000000000000526911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b229dec94a5c30c82021-12-21 11:24:54.945root 11241100x8000000000000000526912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e1f24a9f984272021-12-21 11:24:54.945root 11241100x8000000000000000526913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd7e5eebc78b802021-12-21 11:24:54.945root 11241100x8000000000000000526914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581199baaf1e9b0c2021-12-21 11:24:54.945root 11241100x8000000000000000526915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4da5e14d74d8dd2021-12-21 11:24:54.945root 11241100x8000000000000000526916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e446ef3d24d11c02021-12-21 11:24:54.945root 11241100x8000000000000000526917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6596da153882cc2021-12-21 11:24:54.945root 11241100x8000000000000000526918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c0c598c175fb6e2021-12-21 11:24:54.945root 11241100x8000000000000000526919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea1d2dbd9ddc8f42021-12-21 11:24:54.945root 11241100x8000000000000000526920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dfbddbcbbde51b2021-12-21 11:24:54.945root 11241100x8000000000000000526921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2252ebdd66d68d052021-12-21 11:24:55.443root 11241100x8000000000000000526922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50f1de89474b7882021-12-21 11:24:55.443root 11241100x8000000000000000526923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f36c46b8aca63e2021-12-21 11:24:55.443root 11241100x8000000000000000526924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6093c14e8f728782021-12-21 11:24:55.443root 11241100x8000000000000000526925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1f4aabba6dc26a2021-12-21 11:24:55.444root 11241100x8000000000000000526926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70683b7b6b2cc9122021-12-21 11:24:55.444root 11241100x8000000000000000526927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920cdc6b9e31ef6e2021-12-21 11:24:55.444root 11241100x8000000000000000526928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d919be7173eb62c02021-12-21 11:24:55.444root 11241100x8000000000000000526929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90386379d61df7cd2021-12-21 11:24:55.444root 11241100x8000000000000000526930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53710c48f2fe22ae2021-12-21 11:24:55.444root 11241100x8000000000000000526931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ed11bcf696a9782021-12-21 11:24:55.444root 11241100x8000000000000000526932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751ab62a72a63dfc2021-12-21 11:24:55.444root 11241100x8000000000000000526933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad928a5ee51819632021-12-21 11:24:55.445root 11241100x8000000000000000526934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b796457e66059cbd2021-12-21 11:24:55.445root 11241100x8000000000000000526935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aaeaec53ec430c2021-12-21 11:24:55.445root 11241100x8000000000000000526936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b99d66bc277b4b42021-12-21 11:24:55.445root 11241100x8000000000000000526937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d5db499a70e2c22021-12-21 11:24:55.445root 11241100x8000000000000000526938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805ee9de1e3906ad2021-12-21 11:24:55.445root 11241100x8000000000000000526939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00d73c36faea74e2021-12-21 11:24:55.445root 11241100x8000000000000000526940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c799392b95591f2021-12-21 11:24:55.943root 11241100x8000000000000000526941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c3c7a9bdfaabaf2021-12-21 11:24:55.944root 11241100x8000000000000000526942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548a56c56da377f12021-12-21 11:24:55.944root 11241100x8000000000000000526943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0a4a77e622cd5b2021-12-21 11:24:55.944root 11241100x8000000000000000526944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644ce909ef188ca02021-12-21 11:24:55.944root 11241100x8000000000000000526945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caffc98b5371dce92021-12-21 11:24:55.944root 11241100x8000000000000000526946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af65e96694c6c4722021-12-21 11:24:55.944root 11241100x8000000000000000526947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25fd2d3acca81312021-12-21 11:24:55.944root 11241100x8000000000000000526948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28432affe4d7032c2021-12-21 11:24:55.945root 11241100x8000000000000000526949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c71362e6402e182021-12-21 11:24:55.945root 11241100x8000000000000000526950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e867d85ad52b8de72021-12-21 11:24:55.945root 11241100x8000000000000000526951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09bd6be0102bdf12021-12-21 11:24:55.945root 11241100x8000000000000000526952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567dc8a985432a4c2021-12-21 11:24:55.945root 11241100x8000000000000000526953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a36ab7db31b354e2021-12-21 11:24:55.945root 11241100x8000000000000000526954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b2a3e85234e5a12021-12-21 11:24:55.945root 11241100x8000000000000000526955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f73c27e5caef192021-12-21 11:24:55.945root 11241100x8000000000000000526956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0766e1f8154c689a2021-12-21 11:24:55.946root 11241100x8000000000000000526957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b397efeec0d3c9c2021-12-21 11:24:55.946root 11241100x8000000000000000526958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d656cd87c177f902021-12-21 11:24:55.946root 354300x8000000000000000526959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.082{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48504-false10.0.1.12-8000- 11241100x8000000000000000526960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d085085a946bdc062021-12-21 11:24:56.443root 11241100x8000000000000000526961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2fb58a183fde532021-12-21 11:24:56.443root 11241100x8000000000000000526962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9355ea2b5d45862021-12-21 11:24:56.443root 11241100x8000000000000000526963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4921ee79e785ce582021-12-21 11:24:56.444root 11241100x8000000000000000526964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd63d54c3f5830c92021-12-21 11:24:56.444root 11241100x8000000000000000526965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a70ea51b1f49212021-12-21 11:24:56.444root 11241100x8000000000000000526966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bec4a90b2a6854c2021-12-21 11:24:56.444root 11241100x8000000000000000526967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61bcfec8ce82f9a2021-12-21 11:24:56.444root 11241100x8000000000000000526968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc14380290a7eb4d2021-12-21 11:24:56.444root 11241100x8000000000000000526969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdd3e684018c7392021-12-21 11:24:56.444root 11241100x8000000000000000526970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7628810b58f1cd112021-12-21 11:24:56.444root 11241100x8000000000000000526971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374ba1f88dec3a622021-12-21 11:24:56.444root 11241100x8000000000000000526972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972236391519a0312021-12-21 11:24:56.444root 11241100x8000000000000000526973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62486669f112d22021-12-21 11:24:56.444root 11241100x8000000000000000526974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6a2712ad3c96b82021-12-21 11:24:56.444root 11241100x8000000000000000526975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e3f67874786922021-12-21 11:24:56.444root 11241100x8000000000000000526976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb3b148cc5fdd752021-12-21 11:24:56.444root 11241100x8000000000000000526977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9b489f8fbe59e02021-12-21 11:24:56.444root 11241100x8000000000000000526978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f383a8650ce8e42021-12-21 11:24:56.445root 11241100x8000000000000000526979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e4e93c037f22fb2021-12-21 11:24:56.445root 11241100x8000000000000000526980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305e82c0aff95dd62021-12-21 11:24:56.943root 11241100x8000000000000000526981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12778238e51e00c62021-12-21 11:24:56.943root 11241100x8000000000000000526982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae78cf8b7742b7f2021-12-21 11:24:56.943root 11241100x8000000000000000526983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6196df3d834d70f62021-12-21 11:24:56.943root 11241100x8000000000000000526984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e865b29d1b2822f92021-12-21 11:24:56.944root 11241100x8000000000000000526985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78abb5b0d0f44b2021-12-21 11:24:56.944root 11241100x8000000000000000526986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba895b9d01f00492021-12-21 11:24:56.944root 11241100x8000000000000000526987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83134b1b313910742021-12-21 11:24:56.944root 11241100x8000000000000000526988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d090b9fed26fb8da2021-12-21 11:24:56.944root 11241100x8000000000000000526989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0e8ae21cdaec442021-12-21 11:24:56.944root 11241100x8000000000000000526990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ab00239b9503c52021-12-21 11:24:56.944root 11241100x8000000000000000526991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee0f889b62177a62021-12-21 11:24:56.944root 11241100x8000000000000000526992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd5d6eee739e2632021-12-21 11:24:56.944root 11241100x8000000000000000526993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b593af816cc0c5702021-12-21 11:24:56.944root 11241100x8000000000000000526994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba3a58af086511a2021-12-21 11:24:56.944root 11241100x8000000000000000526995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19ffedb695284712021-12-21 11:24:56.944root 11241100x8000000000000000526996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690e6bb20bc4a3732021-12-21 11:24:56.944root 11241100x8000000000000000526997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4255f8d577704c952021-12-21 11:24:56.944root 11241100x8000000000000000526998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5812220081d3b5352021-12-21 11:24:56.944root 11241100x8000000000000000526999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e3169c132a645e2021-12-21 11:24:56.944root 11241100x8000000000000000527000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0b2159e3a0526b2021-12-21 11:24:57.443root 11241100x8000000000000000527001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987a26c261a0d48e2021-12-21 11:24:57.443root 11241100x8000000000000000527002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381246ab373414a52021-12-21 11:24:57.443root 11241100x8000000000000000527003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b651b5bc1ee8620c2021-12-21 11:24:57.443root 11241100x8000000000000000527004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7218f66eb6baef2021-12-21 11:24:57.444root 11241100x8000000000000000527005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5ba38a10492c552021-12-21 11:24:57.444root 11241100x8000000000000000527006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabb5e9aab93968c2021-12-21 11:24:57.444root 11241100x8000000000000000527007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767628bff9cbefea2021-12-21 11:24:57.444root 11241100x8000000000000000527008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979a642100f702d62021-12-21 11:24:57.444root 11241100x8000000000000000527009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbb0806f0d5cae52021-12-21 11:24:57.444root 11241100x8000000000000000527010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d91039c151d79af2021-12-21 11:24:57.444root 11241100x8000000000000000527011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32eace31dcfea052021-12-21 11:24:57.444root 11241100x8000000000000000527012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe6cb3f22e83cf02021-12-21 11:24:57.445root 11241100x8000000000000000527013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3c3a7f8503df9a2021-12-21 11:24:57.445root 11241100x8000000000000000527014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eebcce7ecdcfcc2021-12-21 11:24:57.445root 11241100x8000000000000000527015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7912b2a14a8eef3d2021-12-21 11:24:57.445root 11241100x8000000000000000527016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17236220980ad29a2021-12-21 11:24:57.445root 11241100x8000000000000000527017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bccfd6bd06153c12021-12-21 11:24:57.445root 11241100x8000000000000000527018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615fecc16ee699942021-12-21 11:24:57.445root 11241100x8000000000000000527019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c2ea2eddab8412021-12-21 11:24:57.445root 11241100x8000000000000000527020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2dfec6c8e3e32d2021-12-21 11:24:57.943root 11241100x8000000000000000527021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b82545cb4feb82021-12-21 11:24:57.944root 11241100x8000000000000000527022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7946e7a3dfd419a2021-12-21 11:24:57.944root 11241100x8000000000000000527023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4817b26461be422021-12-21 11:24:57.944root 11241100x8000000000000000527024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feba129cbaf84a22021-12-21 11:24:57.944root 11241100x8000000000000000527025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6834ab602a03b522021-12-21 11:24:57.944root 11241100x8000000000000000527026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac67ea34c0703ec2021-12-21 11:24:57.945root 11241100x8000000000000000527027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432885e1b4ccf41c2021-12-21 11:24:57.945root 11241100x8000000000000000527028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108c738ad11239c42021-12-21 11:24:57.945root 11241100x8000000000000000527029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887ddea470c82b712021-12-21 11:24:57.945root 11241100x8000000000000000527030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bbce02a70a2e3f2021-12-21 11:24:57.945root 11241100x8000000000000000527031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac95e001c4d15ff2021-12-21 11:24:57.945root 11241100x8000000000000000527032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e953a77afb31032021-12-21 11:24:57.945root 11241100x8000000000000000527033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0964c8ddd5965802021-12-21 11:24:57.946root 11241100x8000000000000000527034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee429fe9d36a56c62021-12-21 11:24:57.946root 11241100x8000000000000000527035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a5955a693e4dec2021-12-21 11:24:57.946root 11241100x8000000000000000527036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6b71dc2c7cc3042021-12-21 11:24:57.946root 11241100x8000000000000000527037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa9aa04d1c1e9d2021-12-21 11:24:57.946root 11241100x8000000000000000527038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cbc7badf469eb72021-12-21 11:24:57.947root 11241100x8000000000000000527039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a1f2ecb556a25d2021-12-21 11:24:57.947root 11241100x8000000000000000527040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef3ddab3901ea0e2021-12-21 11:24:58.443root 11241100x8000000000000000527041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b32c400161dd3952021-12-21 11:24:58.443root 11241100x8000000000000000527042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467fdf290b29bab72021-12-21 11:24:58.444root 11241100x8000000000000000527043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01314e92e7cafb492021-12-21 11:24:58.444root 11241100x8000000000000000527044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8759bb4d38113442021-12-21 11:24:58.444root 11241100x8000000000000000527045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83b4444c098fb792021-12-21 11:24:58.444root 11241100x8000000000000000527046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7399d4b64393212021-12-21 11:24:58.444root 11241100x8000000000000000527047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ef62211132027b2021-12-21 11:24:58.444root 11241100x8000000000000000527048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d288f98c0bc2fc622021-12-21 11:24:58.444root 11241100x8000000000000000527049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7554bbfce3d2cc82021-12-21 11:24:58.444root 11241100x8000000000000000527050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3d18dcd376b8922021-12-21 11:24:58.444root 11241100x8000000000000000527051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2950ebefd65079ed2021-12-21 11:24:58.444root 11241100x8000000000000000527052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d75059294063e92021-12-21 11:24:58.444root 11241100x8000000000000000527053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161a5dd9888831952021-12-21 11:24:58.444root 11241100x8000000000000000527054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4c47298504a14c2021-12-21 11:24:58.444root 11241100x8000000000000000527055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525564aa4b2315a22021-12-21 11:24:58.445root 11241100x8000000000000000527056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febab982e892b28f2021-12-21 11:24:58.445root 11241100x8000000000000000527057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46ab10fedc4f83d2021-12-21 11:24:58.445root 11241100x8000000000000000527058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b038a9fcd2fcab662021-12-21 11:24:58.445root 11241100x8000000000000000527059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da7583d4cd66df02021-12-21 11:24:58.445root 11241100x8000000000000000527060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597a896cc8a7127a2021-12-21 11:24:58.943root 11241100x8000000000000000527061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a453a30af902dccf2021-12-21 11:24:58.943root 11241100x8000000000000000527062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce213a35cce3e2f2021-12-21 11:24:58.944root 11241100x8000000000000000527063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21635408132dbeee2021-12-21 11:24:58.944root 11241100x8000000000000000527064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418c1b496a0275482021-12-21 11:24:58.944root 11241100x8000000000000000527065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041bd8f6ca5754c82021-12-21 11:24:58.944root 11241100x8000000000000000527066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ba18d297746ea2021-12-21 11:24:58.944root 11241100x8000000000000000527067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c5def46c70d27e2021-12-21 11:24:58.944root 11241100x8000000000000000527068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfca174a79254fb2021-12-21 11:24:58.944root 11241100x8000000000000000527069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cafb29e5188a1742021-12-21 11:24:58.944root 11241100x8000000000000000527070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de798970e03b10d2021-12-21 11:24:58.944root 11241100x8000000000000000527071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930340dfe9a83102021-12-21 11:24:58.944root 11241100x8000000000000000527072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af573095a699e002021-12-21 11:24:58.945root 11241100x8000000000000000527073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789d842a0a6c4c2f2021-12-21 11:24:58.945root 11241100x8000000000000000527074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f6021356d9226a2021-12-21 11:24:58.945root 11241100x8000000000000000527075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a390a89b331439472021-12-21 11:24:58.945root 11241100x8000000000000000527076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb71bfa0ba1c23702021-12-21 11:24:58.945root 11241100x8000000000000000527077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6327f0e75920f7842021-12-21 11:24:58.945root 11241100x8000000000000000527078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb07712d6181b1b02021-12-21 11:24:58.945root 11241100x8000000000000000527079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38de17a9f233f7952021-12-21 11:24:58.945root 11241100x8000000000000000527080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bce5a4300ae6f0e2021-12-21 11:24:59.443root 11241100x8000000000000000527081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c6b92c222942f2021-12-21 11:24:59.443root 11241100x8000000000000000527082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34f4dbecb39ece52021-12-21 11:24:59.443root 11241100x8000000000000000527083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98165893678234802021-12-21 11:24:59.443root 11241100x8000000000000000527084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dc58b133cadfd32021-12-21 11:24:59.444root 11241100x8000000000000000527085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728a624d192e61882021-12-21 11:24:59.444root 11241100x8000000000000000527086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857e89572ccd25a32021-12-21 11:24:59.444root 11241100x8000000000000000527087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa5ab55babd337e2021-12-21 11:24:59.444root 11241100x8000000000000000527088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2468525a091b0efb2021-12-21 11:24:59.444root 11241100x8000000000000000527089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799ceed619c04d652021-12-21 11:24:59.444root 11241100x8000000000000000527090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd6e8796cc394352021-12-21 11:24:59.444root 11241100x8000000000000000527091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42262747b94262a42021-12-21 11:24:59.444root 11241100x8000000000000000527092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2f689afd19f62b2021-12-21 11:24:59.444root 11241100x8000000000000000527093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523cd53eb133e10d2021-12-21 11:24:59.444root 11241100x8000000000000000527094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e7a9f9c75b19252021-12-21 11:24:59.444root 11241100x8000000000000000527095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e6381742fd7b02021-12-21 11:24:59.444root 11241100x8000000000000000527096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbb5a0821d34a442021-12-21 11:24:59.444root 11241100x8000000000000000527097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c16851a94f03f542021-12-21 11:24:59.444root 11241100x8000000000000000527098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b3fd786f0de4ec2021-12-21 11:24:59.444root 11241100x8000000000000000527099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9e45df222184442021-12-21 11:24:59.445root 11241100x8000000000000000527100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504f74cdacff9ed32021-12-21 11:24:59.943root 11241100x8000000000000000527101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0457f8a64f09bffd2021-12-21 11:24:59.943root 11241100x8000000000000000527102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f079fba426211b12021-12-21 11:24:59.943root 11241100x8000000000000000527103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2105ce17e98a2c02021-12-21 11:24:59.943root 11241100x8000000000000000527104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8a2ee2bccbeca82021-12-21 11:24:59.944root 11241100x8000000000000000527105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd51a5a8993af7c62021-12-21 11:24:59.944root 11241100x8000000000000000527106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73d5e3091df67d2021-12-21 11:24:59.944root 11241100x8000000000000000527107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64565b5d27bd43852021-12-21 11:24:59.944root 11241100x8000000000000000527108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6ff4961003a402021-12-21 11:24:59.944root 11241100x8000000000000000527109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5dcb830905fa432021-12-21 11:24:59.944root 11241100x8000000000000000527110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576e356c81b00c702021-12-21 11:24:59.944root 11241100x8000000000000000527111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd1e7d1f93960072021-12-21 11:24:59.944root 11241100x8000000000000000527112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a379e388cc7a6072021-12-21 11:24:59.944root 11241100x8000000000000000527113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ed0d1947d9def42021-12-21 11:24:59.944root 11241100x8000000000000000527114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d63dec4ded1eebe2021-12-21 11:24:59.944root 11241100x8000000000000000527115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3348291b10b9dd2021-12-21 11:24:59.944root 11241100x8000000000000000527116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5a3cd6d76c17852021-12-21 11:24:59.944root 11241100x8000000000000000527117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ec4f6a239133052021-12-21 11:24:59.944root 11241100x8000000000000000527118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17d9588d4337c142021-12-21 11:24:59.944root 11241100x8000000000000000527119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:24:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e00cb71c0b36af2021-12-21 11:24:59.944root 11241100x8000000000000000527120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c35f55e6249b9402021-12-21 11:25:00.443root 11241100x8000000000000000527121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c543d7a29bd71ca22021-12-21 11:25:00.443root 11241100x8000000000000000527122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295fdccc88471ded2021-12-21 11:25:00.443root 11241100x8000000000000000527123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4f79ca35cc0fb52021-12-21 11:25:00.443root 11241100x8000000000000000527124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9784fd7a3d863b2021-12-21 11:25:00.444root 11241100x8000000000000000527125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0348ae044c33614e2021-12-21 11:25:00.444root 11241100x8000000000000000527126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8d634da86b39d02021-12-21 11:25:00.444root 11241100x8000000000000000527127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16f75e7643dbff42021-12-21 11:25:00.444root 11241100x8000000000000000527128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708c1de755e231472021-12-21 11:25:00.444root 11241100x8000000000000000527129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834ccf4761b8a7822021-12-21 11:25:00.444root 11241100x8000000000000000527130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af4aa16408bbbfe2021-12-21 11:25:00.444root 11241100x8000000000000000527131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489f762462e785ab2021-12-21 11:25:00.444root 11241100x8000000000000000527132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2bd7e540e182ec2021-12-21 11:25:00.444root 11241100x8000000000000000527133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c13d979a4c680a92021-12-21 11:25:00.444root 11241100x8000000000000000527134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4385e93491245a2021-12-21 11:25:00.444root 11241100x8000000000000000527135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6880bf59c17f9b2021-12-21 11:25:00.444root 11241100x8000000000000000527136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea798812ff337f02021-12-21 11:25:00.444root 11241100x8000000000000000527137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a79c3173af69ca42021-12-21 11:25:00.444root 11241100x8000000000000000527138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0f1e25463540502021-12-21 11:25:00.444root 11241100x8000000000000000527139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664643562eb5e5bd2021-12-21 11:25:00.444root 11241100x8000000000000000527140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f1a48d26eae34e2021-12-21 11:25:00.943root 11241100x8000000000000000527141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46f49238158fa422021-12-21 11:25:00.943root 11241100x8000000000000000527142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01057654eaefe1f32021-12-21 11:25:00.943root 11241100x8000000000000000527143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f491d51192b3485b2021-12-21 11:25:00.943root 11241100x8000000000000000527144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c565e667143376b02021-12-21 11:25:00.943root 11241100x8000000000000000527145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cc10df74b5625a2021-12-21 11:25:00.943root 11241100x8000000000000000527146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d94cbfe13c39562021-12-21 11:25:00.944root 11241100x8000000000000000527147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071ed19f9a6289f82021-12-21 11:25:00.944root 11241100x8000000000000000527148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edab513eae7ce652021-12-21 11:25:00.944root 11241100x8000000000000000527149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab5ba16056e04542021-12-21 11:25:00.944root 11241100x8000000000000000527150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b025684516a7e7352021-12-21 11:25:00.944root 11241100x8000000000000000527151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff8d11dd3acc952021-12-21 11:25:00.944root 11241100x8000000000000000527152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e4ef69a08959e62021-12-21 11:25:00.944root 11241100x8000000000000000527153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d8feb6ce21f0cb2021-12-21 11:25:00.944root 11241100x8000000000000000527154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29a2b056f2779f22021-12-21 11:25:00.945root 11241100x8000000000000000527155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848babeacb54dbce2021-12-21 11:25:00.945root 11241100x8000000000000000527156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922fbfd1f84fd6522021-12-21 11:25:00.945root 11241100x8000000000000000527157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb1ce8fba41762c2021-12-21 11:25:00.945root 11241100x8000000000000000527158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771a07ec086603712021-12-21 11:25:00.945root 11241100x8000000000000000527159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cf055020593f662021-12-21 11:25:00.946root 11241100x8000000000000000527160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a309f013649a462b2021-12-21 11:25:00.946root 11241100x8000000000000000527161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf4ce92d4b61c452021-12-21 11:25:00.946root 11241100x8000000000000000527162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357a40ebe61de7532021-12-21 11:25:00.946root 11241100x8000000000000000527163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb18ec54315cce292021-12-21 11:25:00.946root 11241100x8000000000000000527164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd819d95a3d6e2f2021-12-21 11:25:00.947root 11241100x8000000000000000527165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3881880468664852021-12-21 11:25:00.947root 11241100x8000000000000000527166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a24e5bcfc37db572021-12-21 11:25:00.947root 11241100x8000000000000000527167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ed712ed4bcf5162021-12-21 11:25:00.947root 11241100x8000000000000000527168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b2acef68590ea12021-12-21 11:25:00.948root 11241100x8000000000000000527169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc70976d6e1914012021-12-21 11:25:00.948root 11241100x8000000000000000527170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2d24c0302488df2021-12-21 11:25:00.948root 11241100x8000000000000000527171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be4c96a11e733fb2021-12-21 11:25:00.948root 11241100x8000000000000000527172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34663a301bbbe572021-12-21 11:25:00.948root 11241100x8000000000000000527173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3c946ed90732bf2021-12-21 11:25:00.948root 354300x8000000000000000527174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.132{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48506-false10.0.1.12-8000- 11241100x8000000000000000527175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a50b6069f830472021-12-21 11:25:01.443root 11241100x8000000000000000527176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba575397e8307b942021-12-21 11:25:01.443root 11241100x8000000000000000527177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3822b7dad227f4962021-12-21 11:25:01.444root 11241100x8000000000000000527178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c7ede275640db62021-12-21 11:25:01.444root 11241100x8000000000000000527179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fe1b5c6545b5a12021-12-21 11:25:01.444root 11241100x8000000000000000527180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eddfe6dab7f4dc12021-12-21 11:25:01.444root 11241100x8000000000000000527181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cd65dcab0096742021-12-21 11:25:01.444root 11241100x8000000000000000527182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a878f579db49e1402021-12-21 11:25:01.444root 11241100x8000000000000000527183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5981e630535d09e92021-12-21 11:25:01.444root 11241100x8000000000000000527184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f5e0b50ffbefdb2021-12-21 11:25:01.444root 11241100x8000000000000000527185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af7a53334efc4c72021-12-21 11:25:01.444root 11241100x8000000000000000527186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5580e11432bfb942021-12-21 11:25:01.444root 11241100x8000000000000000527187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf703234cbae912021-12-21 11:25:01.444root 11241100x8000000000000000527188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aaac72a898ebb12021-12-21 11:25:01.444root 11241100x8000000000000000527189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ece794f5eeea0a2021-12-21 11:25:01.445root 11241100x8000000000000000527190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4640eb287f537492021-12-21 11:25:01.445root 11241100x8000000000000000527191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1385cce1c3a117a42021-12-21 11:25:01.445root 11241100x8000000000000000527192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fcdfb331f3dda32021-12-21 11:25:01.445root 11241100x8000000000000000527193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab90139b721493882021-12-21 11:25:01.445root 11241100x8000000000000000527194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbe554dae100ba42021-12-21 11:25:01.445root 11241100x8000000000000000527195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb621ca5f8de5362021-12-21 11:25:01.445root 11241100x8000000000000000527196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363e4593bc31868c2021-12-21 11:25:01.445root 11241100x8000000000000000527197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679acc2c0f3a5e012021-12-21 11:25:01.446root 11241100x8000000000000000527198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c1b312a3053dba2021-12-21 11:25:01.446root 11241100x8000000000000000527199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9245052b792040bf2021-12-21 11:25:01.446root 11241100x8000000000000000527200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ba2bc4378f619f2021-12-21 11:25:01.446root 11241100x8000000000000000527201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca72b80d71d0af42021-12-21 11:25:01.447root 11241100x8000000000000000527202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5d96973c9f8b272021-12-21 11:25:01.447root 11241100x8000000000000000527203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2effe72b0bff1712021-12-21 11:25:01.447root 11241100x8000000000000000527204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9512788785306ff2021-12-21 11:25:01.448root 11241100x8000000000000000527205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221b06e3d24aedad2021-12-21 11:25:01.448root 11241100x8000000000000000527206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad82c15cacfb0fdc2021-12-21 11:25:01.448root 11241100x8000000000000000527207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2504010b7dd48d1a2021-12-21 11:25:01.448root 11241100x8000000000000000527208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92879173da92172b2021-12-21 11:25:01.448root 11241100x8000000000000000527209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799b0f543a9829ee2021-12-21 11:25:01.449root 11241100x8000000000000000527210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5120f2f677cd880a2021-12-21 11:25:01.449root 11241100x8000000000000000527211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21abdb25116928a62021-12-21 11:25:01.449root 11241100x8000000000000000527212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b416eec58898752021-12-21 11:25:01.449root 11241100x8000000000000000527213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d58fb2d2e28c1c32021-12-21 11:25:01.450root 11241100x8000000000000000527214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4b685a05d4ee592021-12-21 11:25:01.450root 11241100x8000000000000000527215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e30b1a2284f085a2021-12-21 11:25:01.450root 11241100x8000000000000000527216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f015f6dd6c8e1c8e2021-12-21 11:25:01.450root 11241100x8000000000000000527217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35fd6e2ef6d7ee02021-12-21 11:25:01.450root 11241100x8000000000000000527218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071368eb3a923e02021-12-21 11:25:01.450root 11241100x8000000000000000527219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf9b87f64315e9a2021-12-21 11:25:01.450root 11241100x8000000000000000527220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91620067a04a647f2021-12-21 11:25:01.451root 11241100x8000000000000000527221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c7e5f01aa8ba8a2021-12-21 11:25:01.451root 11241100x8000000000000000527222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2dcdef50029a232021-12-21 11:25:01.451root 11241100x8000000000000000527223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1621e740903cde12021-12-21 11:25:01.451root 11241100x8000000000000000527224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca273ad22e7c5242021-12-21 11:25:01.451root 11241100x8000000000000000527225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7f5cc935cf94c12021-12-21 11:25:01.452root 11241100x8000000000000000527226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fb851f2f40be052021-12-21 11:25:01.943root 11241100x8000000000000000527227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe48f6df2bdd62ee2021-12-21 11:25:01.943root 11241100x8000000000000000527228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457eb64aef912e9d2021-12-21 11:25:01.944root 11241100x8000000000000000527229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264b68e4bcb8259c2021-12-21 11:25:01.944root 11241100x8000000000000000527230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5c5bcbcdac86462021-12-21 11:25:01.944root 11241100x8000000000000000527231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5fe924a0c6c8332021-12-21 11:25:01.944root 11241100x8000000000000000527232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c334fa3e432c752021-12-21 11:25:01.944root 11241100x8000000000000000527233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864ec2455066d5852021-12-21 11:25:01.945root 11241100x8000000000000000527234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117655359fa8120e2021-12-21 11:25:01.945root 11241100x8000000000000000527235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f5584030fd7f1d2021-12-21 11:25:01.945root 11241100x8000000000000000527236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef6e25ee290e7382021-12-21 11:25:01.945root 11241100x8000000000000000527237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcdb09bbd7b69ac2021-12-21 11:25:01.945root 11241100x8000000000000000527238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1974d47fcef8ec2021-12-21 11:25:01.945root 11241100x8000000000000000527239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f0949583cac3212021-12-21 11:25:01.945root 11241100x8000000000000000527240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d85a0c7e6cd2a22021-12-21 11:25:01.945root 11241100x8000000000000000527241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc90bee776f0c2bf2021-12-21 11:25:01.946root 11241100x8000000000000000527242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc171771dcc2412021-12-21 11:25:01.946root 11241100x8000000000000000527243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f492ed8ae325de542021-12-21 11:25:01.946root 11241100x8000000000000000527244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21b2b919b5cc0ad2021-12-21 11:25:01.946root 11241100x8000000000000000527245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4be230559054cd2021-12-21 11:25:01.946root 11241100x8000000000000000527246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c42a5996aa580642021-12-21 11:25:01.946root 11241100x8000000000000000527247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67be8cc8a41bf532021-12-21 11:25:02.443root 11241100x8000000000000000527248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faa11d1c27c79842021-12-21 11:25:02.443root 11241100x8000000000000000527249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3ec84c378d70852021-12-21 11:25:02.443root 11241100x8000000000000000527250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d60dc04e2bfc9962021-12-21 11:25:02.443root 11241100x8000000000000000527251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a024e0db14fb6fcc2021-12-21 11:25:02.443root 11241100x8000000000000000527252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096bea91173319572021-12-21 11:25:02.444root 11241100x8000000000000000527253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344da345a130c02f2021-12-21 11:25:02.444root 11241100x8000000000000000527254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94a2e86ecbdb2f82021-12-21 11:25:02.444root 11241100x8000000000000000527255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32936cf37eb53cf2021-12-21 11:25:02.444root 11241100x8000000000000000527256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05ece747fc03af52021-12-21 11:25:02.444root 11241100x8000000000000000527257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04ec009df6e30812021-12-21 11:25:02.444root 11241100x8000000000000000527258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e233a64dd9ad1482021-12-21 11:25:02.444root 11241100x8000000000000000527259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553540ea942f276a2021-12-21 11:25:02.444root 11241100x8000000000000000527260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fcb1d9c1658d272021-12-21 11:25:02.444root 11241100x8000000000000000527261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfac05a3940f4052021-12-21 11:25:02.444root 11241100x8000000000000000527262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82862928c4323b32021-12-21 11:25:02.444root 11241100x8000000000000000527263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2522658713aa5022021-12-21 11:25:02.445root 11241100x8000000000000000527264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1fe39be07d36212021-12-21 11:25:02.445root 11241100x8000000000000000527265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5161342d8bb89a382021-12-21 11:25:02.445root 11241100x8000000000000000527266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7734cf6c74375602021-12-21 11:25:02.445root 11241100x8000000000000000527267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2d163afa2c17af2021-12-21 11:25:02.445root 11241100x8000000000000000527268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d913798d7047082021-12-21 11:25:02.943root 11241100x8000000000000000527269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88850ead1da14aec2021-12-21 11:25:02.943root 11241100x8000000000000000527270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e3fb0eecf424032021-12-21 11:25:02.943root 11241100x8000000000000000527271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24d02858d3043002021-12-21 11:25:02.943root 11241100x8000000000000000527272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7143c3569603a5fe2021-12-21 11:25:02.943root 11241100x8000000000000000527273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53322021560abe8b2021-12-21 11:25:02.943root 11241100x8000000000000000527274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a0c1b648fe86392021-12-21 11:25:02.943root 11241100x8000000000000000527275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b7e9ecdd2130182021-12-21 11:25:02.943root 11241100x8000000000000000527276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bce4e2d9eac63f2021-12-21 11:25:02.944root 11241100x8000000000000000527277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07664f1b001690742021-12-21 11:25:02.944root 11241100x8000000000000000527278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4272f64b0bdd9cf42021-12-21 11:25:02.944root 11241100x8000000000000000527279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdbef8b65e327f52021-12-21 11:25:02.944root 11241100x8000000000000000527280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048a7921160da3162021-12-21 11:25:02.944root 11241100x8000000000000000527281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ace84209df6072021-12-21 11:25:02.944root 11241100x8000000000000000527282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d1b235da16bbc52021-12-21 11:25:02.944root 11241100x8000000000000000527283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32cc970c85ac0b12021-12-21 11:25:02.944root 11241100x8000000000000000527284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed73507d2d4f9b2c2021-12-21 11:25:02.944root 11241100x8000000000000000527285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926bf9c1266f793c2021-12-21 11:25:02.944root 11241100x8000000000000000527286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241292d3fbc88e472021-12-21 11:25:02.944root 11241100x8000000000000000527287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282ce8a5a251946e2021-12-21 11:25:02.945root 11241100x8000000000000000527288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e98ec588c291ae2021-12-21 11:25:02.945root 11241100x8000000000000000527289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99969232c615c59d2021-12-21 11:25:03.443root 11241100x8000000000000000527290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e241063531f6db152021-12-21 11:25:03.443root 11241100x8000000000000000527291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceffdc831f4814f2021-12-21 11:25:03.443root 11241100x8000000000000000527292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a4eabff9622c902021-12-21 11:25:03.443root 11241100x8000000000000000527293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d72636d3920fb0e2021-12-21 11:25:03.444root 11241100x8000000000000000527294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cef61fd5a96803f2021-12-21 11:25:03.444root 11241100x8000000000000000527295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21b988ad98b71852021-12-21 11:25:03.444root 11241100x8000000000000000527296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca560fd5f4de925b2021-12-21 11:25:03.444root 11241100x8000000000000000527297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825a9c5dda9ed7a22021-12-21 11:25:03.444root 11241100x8000000000000000527298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ede9ae1cb5504d2021-12-21 11:25:03.444root 11241100x8000000000000000527299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b1b6d28449c1a32021-12-21 11:25:03.444root 11241100x8000000000000000527300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb22151523d614f12021-12-21 11:25:03.444root 11241100x8000000000000000527301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b89c19793e9d7f2021-12-21 11:25:03.444root 11241100x8000000000000000527302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00944c8a95d532f2021-12-21 11:25:03.445root 11241100x8000000000000000527303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed45fc08cec72912021-12-21 11:25:03.445root 11241100x8000000000000000527304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c481f3f7f40392a12021-12-21 11:25:03.445root 11241100x8000000000000000527305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbcee79514214ca2021-12-21 11:25:03.445root 11241100x8000000000000000527306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a6bcc40bce01a22021-12-21 11:25:03.445root 11241100x8000000000000000527307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698b5f5121924be22021-12-21 11:25:03.445root 11241100x8000000000000000527308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255f90ba64eb7f162021-12-21 11:25:03.445root 11241100x8000000000000000527309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e418d9555949bbd82021-12-21 11:25:03.445root 11241100x8000000000000000527310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65988dc7b5433d72021-12-21 11:25:03.943root 11241100x8000000000000000527311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2278b62cc1bd8d702021-12-21 11:25:03.943root 11241100x8000000000000000527312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85014050882040b2021-12-21 11:25:03.943root 11241100x8000000000000000527313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5223228b3490efa32021-12-21 11:25:03.943root 11241100x8000000000000000527314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356a0728f726a9092021-12-21 11:25:03.944root 11241100x8000000000000000527315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b5d3cb06f047252021-12-21 11:25:03.944root 11241100x8000000000000000527316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b8b0398bdc2fe52021-12-21 11:25:03.944root 11241100x8000000000000000527317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f723ee26361c1f2021-12-21 11:25:03.944root 11241100x8000000000000000527318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1822a1ca8ecabad2021-12-21 11:25:03.944root 11241100x8000000000000000527319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac319efe785fdbe22021-12-21 11:25:03.944root 11241100x8000000000000000527320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d723b21be2444d82021-12-21 11:25:03.944root 11241100x8000000000000000527321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded0e5429f1134e22021-12-21 11:25:03.944root 11241100x8000000000000000527322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de05fe43158988b02021-12-21 11:25:03.944root 11241100x8000000000000000527323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2aa290a3d298dc2021-12-21 11:25:03.944root 11241100x8000000000000000527324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d834c67cf53cca8a2021-12-21 11:25:03.944root 11241100x8000000000000000527325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118525514bd3967c2021-12-21 11:25:03.944root 11241100x8000000000000000527326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6a142ec4054ec62021-12-21 11:25:03.944root 11241100x8000000000000000527327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13381901fd14251d2021-12-21 11:25:03.945root 11241100x8000000000000000527328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c034a577ddba46162021-12-21 11:25:03.945root 11241100x8000000000000000527329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b914ee32941b7fc2021-12-21 11:25:03.945root 11241100x8000000000000000527330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd03400b40ec342021-12-21 11:25:03.945root 11241100x8000000000000000527331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0be23ac9513ef92021-12-21 11:25:04.443root 11241100x8000000000000000527332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89ffea78f97be432021-12-21 11:25:04.443root 11241100x8000000000000000527333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52981aafbf77e09a2021-12-21 11:25:04.444root 11241100x8000000000000000527334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b0249cc8a93322021-12-21 11:25:04.444root 11241100x8000000000000000527335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff1743427cdf49e2021-12-21 11:25:04.444root 11241100x8000000000000000527336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a96deca6198c0892021-12-21 11:25:04.444root 11241100x8000000000000000527337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f9d566e96382e62021-12-21 11:25:04.444root 11241100x8000000000000000527338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c76ee5d75e6602021-12-21 11:25:04.444root 11241100x8000000000000000527339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ff2d6cfa2605ff2021-12-21 11:25:04.444root 11241100x8000000000000000527340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bbfd5cba9826b52021-12-21 11:25:04.444root 11241100x8000000000000000527341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6759e76da9eb037b2021-12-21 11:25:04.444root 11241100x8000000000000000527342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce50521f6b860dc2021-12-21 11:25:04.444root 11241100x8000000000000000527343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3524f483ab04ea592021-12-21 11:25:04.445root 11241100x8000000000000000527344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93aef369fc0ff112021-12-21 11:25:04.445root 11241100x8000000000000000527345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba0dc2d6151378d2021-12-21 11:25:04.445root 11241100x8000000000000000527346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffd887837b73cc82021-12-21 11:25:04.445root 11241100x8000000000000000527347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a924650e163a9c12021-12-21 11:25:04.445root 11241100x8000000000000000527348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f252e754c0ab3c6a2021-12-21 11:25:04.445root 11241100x8000000000000000527349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcc8e472f81c33d2021-12-21 11:25:04.445root 11241100x8000000000000000527350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a90c8c9a74b4d12021-12-21 11:25:04.445root 11241100x8000000000000000527351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac6925d787343112021-12-21 11:25:04.445root 11241100x8000000000000000527352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704135ece481efd2021-12-21 11:25:04.943root 11241100x8000000000000000527353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e237b2b0cce7e672021-12-21 11:25:04.943root 11241100x8000000000000000527354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad6c790470eeb3d2021-12-21 11:25:04.943root 11241100x8000000000000000527355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21e6e5f82c1e7dd2021-12-21 11:25:04.944root 11241100x8000000000000000527356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef8bb57800b0df2021-12-21 11:25:04.944root 11241100x8000000000000000527357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e901008e313c37a2021-12-21 11:25:04.944root 11241100x8000000000000000527358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94de9d5c9a983a972021-12-21 11:25:04.944root 11241100x8000000000000000527359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc7c0eaa8a597bc2021-12-21 11:25:04.944root 11241100x8000000000000000527360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f49a770340baddf2021-12-21 11:25:04.944root 11241100x8000000000000000527361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b39e126e9a00d12021-12-21 11:25:04.944root 11241100x8000000000000000527362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aea51e7135ce5ab2021-12-21 11:25:04.944root 11241100x8000000000000000527363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffc375c8e3f4d42021-12-21 11:25:04.944root 11241100x8000000000000000527364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9bfd1f8038a0052021-12-21 11:25:04.944root 11241100x8000000000000000527365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028ecd98083c73cf2021-12-21 11:25:04.945root 11241100x8000000000000000527366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b5435c626cf6452021-12-21 11:25:04.945root 11241100x8000000000000000527367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4adf42e6f88ef92021-12-21 11:25:04.945root 11241100x8000000000000000527368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2325f6a4fa06432021-12-21 11:25:04.945root 11241100x8000000000000000527369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05876185bc3bffde2021-12-21 11:25:04.945root 11241100x8000000000000000527370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fcede4834fa4762021-12-21 11:25:04.945root 11241100x8000000000000000527371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd614c94b63362b22021-12-21 11:25:04.945root 11241100x8000000000000000527372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa585e38b24063562021-12-21 11:25:04.945root 11241100x8000000000000000527373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78dec020eb70cdf2021-12-21 11:25:05.443root 11241100x8000000000000000527374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ba1a5a4bfcd7652021-12-21 11:25:05.443root 11241100x8000000000000000527375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f68c523e4aabf32021-12-21 11:25:05.443root 11241100x8000000000000000527376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77a53f7b23365e12021-12-21 11:25:05.443root 11241100x8000000000000000527377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34bfb322f7830bd2021-12-21 11:25:05.444root 11241100x8000000000000000527378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fed0c79e17ca13b2021-12-21 11:25:05.444root 11241100x8000000000000000527379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb286d677a8dc2392021-12-21 11:25:05.444root 11241100x8000000000000000527380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00080f3be7a033c2021-12-21 11:25:05.444root 11241100x8000000000000000527381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e21e68913ac7172021-12-21 11:25:05.444root 11241100x8000000000000000527382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a601d5aec6fbde842021-12-21 11:25:05.444root 11241100x8000000000000000527383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d57aadef995a42021-12-21 11:25:05.444root 11241100x8000000000000000527384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c00f2540f03e3132021-12-21 11:25:05.444root 11241100x8000000000000000527385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a340a30307d8f92021-12-21 11:25:05.444root 11241100x8000000000000000527386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd9a978981837aa2021-12-21 11:25:05.444root 11241100x8000000000000000527387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2a75ee956132af2021-12-21 11:25:05.444root 11241100x8000000000000000527388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f098961ad9a42bd22021-12-21 11:25:05.444root 11241100x8000000000000000527389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5465ce420f697ca02021-12-21 11:25:05.444root 11241100x8000000000000000527390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdee082388219002021-12-21 11:25:05.444root 11241100x8000000000000000527391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b16742bb678bc82021-12-21 11:25:05.444root 11241100x8000000000000000527392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddefa63c38fb6192021-12-21 11:25:05.444root 11241100x8000000000000000527393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0ebea5fed106b12021-12-21 11:25:05.445root 11241100x8000000000000000527394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d77e4b41f7a44802021-12-21 11:25:05.943root 11241100x8000000000000000527395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6194e39989033ac32021-12-21 11:25:05.943root 11241100x8000000000000000527396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febf1f81b968f4b72021-12-21 11:25:05.943root 11241100x8000000000000000527397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305fa178bfd9ad32021-12-21 11:25:05.944root 11241100x8000000000000000527398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df27f3e3aa1ee952021-12-21 11:25:05.944root 11241100x8000000000000000527399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927b3e2793a5ebe32021-12-21 11:25:05.945root 11241100x8000000000000000527400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b80335a99c2f422021-12-21 11:25:05.945root 11241100x8000000000000000527401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7597bc181f3deb2021-12-21 11:25:05.945root 11241100x8000000000000000527402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91821468653bd112021-12-21 11:25:05.945root 11241100x8000000000000000527403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cee7d0b85d544a22021-12-21 11:25:05.945root 11241100x8000000000000000527404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d281215b52a6372021-12-21 11:25:05.945root 11241100x8000000000000000527405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250f5050cfd720572021-12-21 11:25:05.945root 11241100x8000000000000000527406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c9c18cda9761992021-12-21 11:25:05.945root 11241100x8000000000000000527407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c398380a32678ed92021-12-21 11:25:05.945root 11241100x8000000000000000527408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acadc90c1a4002cf2021-12-21 11:25:05.945root 11241100x8000000000000000527409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359de9a28421891d2021-12-21 11:25:05.945root 11241100x8000000000000000527410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d7bd9336e593282021-12-21 11:25:05.945root 11241100x8000000000000000527411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08df95f1cec35082021-12-21 11:25:05.946root 11241100x8000000000000000527412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76b034f7011ce7d2021-12-21 11:25:05.946root 11241100x8000000000000000527413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10fe0665bfcc2cc2021-12-21 11:25:05.946root 11241100x8000000000000000527414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303186c348475b592021-12-21 11:25:05.946root 11241100x8000000000000000527415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baef97fee2220132021-12-21 11:25:05.946root 11241100x8000000000000000527416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64ff1aa47add9232021-12-21 11:25:05.946root 11241100x8000000000000000527417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8f3cb2d512b8a42021-12-21 11:25:05.946root 354300x8000000000000000527418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.170{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48508-false10.0.1.12-8000- 11241100x8000000000000000527419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.329{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:25:06.329root 11241100x8000000000000000527420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4335a3bcfbb3b7bc2021-12-21 11:25:06.330root 11241100x8000000000000000527421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b9ec95f01e21852021-12-21 11:25:06.331root 11241100x8000000000000000527422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac3592ad2946e102021-12-21 11:25:06.331root 11241100x8000000000000000527423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c8f219fcf92ea62021-12-21 11:25:06.331root 11241100x8000000000000000527424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f704f2444f7eec2021-12-21 11:25:06.331root 11241100x8000000000000000527425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d23c6b5e78774122021-12-21 11:25:06.331root 11241100x8000000000000000527426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c6d173a634cd632021-12-21 11:25:06.331root 11241100x8000000000000000527427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c56d9153ef24b432021-12-21 11:25:06.332root 11241100x8000000000000000527428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948102fdccc6c5872021-12-21 11:25:06.332root 11241100x8000000000000000527429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46c59fbf9ada1fd2021-12-21 11:25:06.332root 11241100x8000000000000000527430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d734c3b9687e52032021-12-21 11:25:06.332root 11241100x8000000000000000527431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ebdb7f9c482a352021-12-21 11:25:06.332root 11241100x8000000000000000527432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a954995f8d443d2021-12-21 11:25:06.332root 11241100x8000000000000000527433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b838f9d066a8d37a2021-12-21 11:25:06.332root 11241100x8000000000000000527434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9d5baab25760bf2021-12-21 11:25:06.332root 11241100x8000000000000000527435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c591d64cb6b07db2021-12-21 11:25:06.332root 11241100x8000000000000000527436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f782d527f135e82021-12-21 11:25:06.332root 11241100x8000000000000000527437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a68984d1ee6a3c2021-12-21 11:25:06.332root 11241100x8000000000000000527438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58acb4853cb8d6452021-12-21 11:25:06.332root 11241100x8000000000000000527439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b311a98d4852b5f2021-12-21 11:25:06.333root 11241100x8000000000000000527440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d14ce2e2df067ac2021-12-21 11:25:06.333root 11241100x8000000000000000527441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64aab6329beef022021-12-21 11:25:06.333root 11241100x8000000000000000527442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269ef042c89408e82021-12-21 11:25:06.333root 11241100x8000000000000000527443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a469a85f59d9152021-12-21 11:25:06.333root 11241100x8000000000000000527444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a05ae7e70a352162021-12-21 11:25:06.334root 11241100x8000000000000000527445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b28ee64368505402021-12-21 11:25:06.693root 11241100x8000000000000000527446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e6e21cb39458942021-12-21 11:25:06.693root 11241100x8000000000000000527447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ff603c9ea243822021-12-21 11:25:06.693root 11241100x8000000000000000527448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e230b2ecd591e6532021-12-21 11:25:06.693root 11241100x8000000000000000527449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcc443b96cdbcf82021-12-21 11:25:06.693root 11241100x8000000000000000527450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00251c48fdae2b002021-12-21 11:25:06.694root 11241100x8000000000000000527451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34bd206bc2e08512021-12-21 11:25:06.694root 11241100x8000000000000000527452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ce623cc7fa4d5c2021-12-21 11:25:06.694root 11241100x8000000000000000527453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006b1f7be8ae7ae22021-12-21 11:25:06.694root 11241100x8000000000000000527454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5a16d6e97060902021-12-21 11:25:06.694root 11241100x8000000000000000527455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09083df0a91253a42021-12-21 11:25:06.694root 11241100x8000000000000000527456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d99b06e76750692021-12-21 11:25:06.694root 11241100x8000000000000000527457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f3b1b066f078682021-12-21 11:25:06.694root 11241100x8000000000000000527458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e6bc7df5ee19d2021-12-21 11:25:06.694root 11241100x8000000000000000527459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96442a1edc9d7c642021-12-21 11:25:06.694root 11241100x8000000000000000527460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2985ea5f97a5bbc2021-12-21 11:25:06.694root 11241100x8000000000000000527461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34705f24716db1d2021-12-21 11:25:06.694root 11241100x8000000000000000527462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a089191957f417af2021-12-21 11:25:06.695root 11241100x8000000000000000527463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e243b3ea54542b2021-12-21 11:25:06.695root 11241100x8000000000000000527464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe1c874fdf4dc1d2021-12-21 11:25:06.695root 11241100x8000000000000000527465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e95503662a3ee72021-12-21 11:25:06.695root 11241100x8000000000000000527466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efb37ac6ba7cced2021-12-21 11:25:06.695root 11241100x8000000000000000527467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c48ffdf9feb8b12021-12-21 11:25:06.696root 11241100x8000000000000000527468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b925dc2ca789d22021-12-21 11:25:06.696root 11241100x8000000000000000527469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60119f5f2e36132b2021-12-21 11:25:06.696root 11241100x8000000000000000527470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5b118f16f685062021-12-21 11:25:06.696root 11241100x8000000000000000527471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c36477f0c9831f92021-12-21 11:25:06.696root 11241100x8000000000000000527472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1ca30b7f9f12d92021-12-21 11:25:06.696root 11241100x8000000000000000527473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee1ff2a32c680712021-12-21 11:25:06.696root 11241100x8000000000000000527474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d1faf4a1f763602021-12-21 11:25:06.696root 11241100x8000000000000000527475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f964c7ace9bbf7162021-12-21 11:25:06.696root 11241100x8000000000000000527476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35b317ab52a0f8e2021-12-21 11:25:06.696root 11241100x8000000000000000527477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e428156d32593d92021-12-21 11:25:06.697root 11241100x8000000000000000527478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbe229cfb9408332021-12-21 11:25:06.697root 11241100x8000000000000000527479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295fe0bfcf4904e92021-12-21 11:25:06.697root 11241100x8000000000000000527480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f6bee3eb591d7d2021-12-21 11:25:06.697root 11241100x8000000000000000527481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea1f8da4c123552021-12-21 11:25:06.697root 11241100x8000000000000000527482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69a36377904ac9a2021-12-21 11:25:06.697root 11241100x8000000000000000527483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3fb399f203d03d2021-12-21 11:25:06.697root 11241100x8000000000000000527484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504390148d67d7772021-12-21 11:25:06.697root 11241100x8000000000000000527485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181018791c7f6cd52021-12-21 11:25:06.697root 11241100x8000000000000000527486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73333cd690425e882021-12-21 11:25:06.698root 11241100x8000000000000000527487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6d9caa19f31fa62021-12-21 11:25:06.698root 11241100x8000000000000000527488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589973c4631bd3e82021-12-21 11:25:06.698root 11241100x8000000000000000527489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889aaa4b6c45bb622021-12-21 11:25:06.698root 11241100x8000000000000000527490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ead1fe78776d352021-12-21 11:25:06.698root 11241100x8000000000000000527491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d0ce93539f8312021-12-21 11:25:06.698root 11241100x8000000000000000527492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4c7aef2b8a7f712021-12-21 11:25:06.698root 11241100x8000000000000000527493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ef4a83f6bc5bf12021-12-21 11:25:06.698root 11241100x8000000000000000527494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993f9552d587ec32021-12-21 11:25:06.698root 11241100x8000000000000000527495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6390a52f3f95c10d2021-12-21 11:25:06.698root 11241100x8000000000000000527496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816036893a4937f32021-12-21 11:25:06.699root 11241100x8000000000000000527497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498fdbbb57bff3472021-12-21 11:25:06.699root 11241100x8000000000000000527498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2bd6ba813a7f422021-12-21 11:25:06.699root 11241100x8000000000000000527499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793ed6909bc4e9232021-12-21 11:25:06.699root 11241100x8000000000000000527500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecce4a681a321a482021-12-21 11:25:06.699root 11241100x8000000000000000527501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93149c1468646a8f2021-12-21 11:25:06.700root 11241100x8000000000000000527502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e9a77be0a6fe152021-12-21 11:25:06.700root 11241100x8000000000000000527503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c21c44574d8704b2021-12-21 11:25:06.700root 11241100x8000000000000000527504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be56e32ac7d3cd9a2021-12-21 11:25:06.700root 11241100x8000000000000000527505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1269fcfab86a32021-12-21 11:25:06.700root 11241100x8000000000000000527506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d0306206675a4f2021-12-21 11:25:06.700root 11241100x8000000000000000527507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15480df2acc4bfa2021-12-21 11:25:06.700root 11241100x8000000000000000527508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60bcf02e496d26a2021-12-21 11:25:06.700root 11241100x8000000000000000527509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc3f86aae7acfd02021-12-21 11:25:06.700root 11241100x8000000000000000527510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f2d42ed478cc362021-12-21 11:25:06.700root 11241100x8000000000000000527511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e194e07dea76ae62021-12-21 11:25:06.700root 11241100x8000000000000000527512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404aa318d0f147852021-12-21 11:25:06.701root 11241100x8000000000000000527513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f85bc170b015152021-12-21 11:25:06.701root 11241100x8000000000000000527514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848e53bb548e94562021-12-21 11:25:06.701root 11241100x8000000000000000527515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f63f98522177412021-12-21 11:25:06.701root 11241100x8000000000000000527516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d9f4e295c499e2021-12-21 11:25:06.701root 11241100x8000000000000000527517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f429e7488626fb2021-12-21 11:25:06.701root 11241100x8000000000000000527518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418a242200a9becb2021-12-21 11:25:06.701root 11241100x8000000000000000527519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8293f55a12edcd82021-12-21 11:25:06.701root 11241100x8000000000000000527520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581944c56428329e2021-12-21 11:25:07.193root 11241100x8000000000000000527521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824471684541dcdb2021-12-21 11:25:07.193root 11241100x8000000000000000527522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b38654f42905342021-12-21 11:25:07.193root 11241100x8000000000000000527523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66340575a4eb4d32021-12-21 11:25:07.193root 11241100x8000000000000000527524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c20177ed2161c542021-12-21 11:25:07.193root 11241100x8000000000000000527525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d16d4c398aafd82021-12-21 11:25:07.193root 11241100x8000000000000000527526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525cd7af04b688102021-12-21 11:25:07.194root 11241100x8000000000000000527527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3773a6184519fe2021-12-21 11:25:07.194root 11241100x8000000000000000527528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3154a70cd4edb562021-12-21 11:25:07.194root 11241100x8000000000000000527529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e096af61fc53956b2021-12-21 11:25:07.194root 11241100x8000000000000000527530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e083604a2ec26c2021-12-21 11:25:07.194root 11241100x8000000000000000527531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26a8b9559c2a6752021-12-21 11:25:07.194root 11241100x8000000000000000527532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da110c40e829339d2021-12-21 11:25:07.194root 11241100x8000000000000000527533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85443aa77206140b2021-12-21 11:25:07.194root 11241100x8000000000000000527534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc2cdbaf78f20842021-12-21 11:25:07.194root 11241100x8000000000000000527535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c115b9d57b6fdb1f2021-12-21 11:25:07.194root 11241100x8000000000000000527536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6870887bf5eb642021-12-21 11:25:07.194root 11241100x8000000000000000527537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15744ea07aa3fcb2021-12-21 11:25:07.194root 11241100x8000000000000000527538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227f5d787a624b7d2021-12-21 11:25:07.194root 11241100x8000000000000000527539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d7f89aa4e02e762021-12-21 11:25:07.194root 11241100x8000000000000000527540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429997452650790e2021-12-21 11:25:07.194root 11241100x8000000000000000527541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfb770b1fe477692021-12-21 11:25:07.194root 11241100x8000000000000000527542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab6f2692f4e51a82021-12-21 11:25:07.195root 11241100x8000000000000000527543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77af9731031cf25d2021-12-21 11:25:07.693root 11241100x8000000000000000527544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16382b8e49fec4a2021-12-21 11:25:07.693root 11241100x8000000000000000527545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8638e13e7c3ff22021-12-21 11:25:07.693root 11241100x8000000000000000527546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc932324171994712021-12-21 11:25:07.693root 11241100x8000000000000000527547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfe9932ed33496d2021-12-21 11:25:07.693root 11241100x8000000000000000527548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1ded6812ee19f72021-12-21 11:25:07.693root 11241100x8000000000000000527549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc11b3111c75e4a2021-12-21 11:25:07.693root 11241100x8000000000000000527550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709cc27b479f71c92021-12-21 11:25:07.693root 11241100x8000000000000000527551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e15072d6c5f69f2021-12-21 11:25:07.693root 11241100x8000000000000000527552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691e75dd7e726162021-12-21 11:25:07.693root 11241100x8000000000000000527553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf11eba3d52022d62021-12-21 11:25:07.694root 11241100x8000000000000000527554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b53bc59672b7f212021-12-21 11:25:07.694root 11241100x8000000000000000527555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ba3224897858112021-12-21 11:25:07.694root 11241100x8000000000000000527556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e40132c41e6e182021-12-21 11:25:07.694root 11241100x8000000000000000527557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3f974365562deb2021-12-21 11:25:07.694root 11241100x8000000000000000527558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0756246f6ff5c26d2021-12-21 11:25:07.694root 11241100x8000000000000000527559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e627262b6ba6a222021-12-21 11:25:07.694root 11241100x8000000000000000527560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7007ef749d3bc4a22021-12-21 11:25:07.694root 11241100x8000000000000000527561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15c332890c8be92021-12-21 11:25:07.695root 11241100x8000000000000000527562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b653421836cec9a2021-12-21 11:25:07.695root 11241100x8000000000000000527563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead645d99ec4c9402021-12-21 11:25:07.695root 11241100x8000000000000000527564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31af6785d88657a42021-12-21 11:25:07.695root 11241100x8000000000000000527565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db37e898eed3f7ea2021-12-21 11:25:07.695root 11241100x8000000000000000527566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625dfa84e3c95ce2021-12-21 11:25:07.695root 11241100x8000000000000000527567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5605b67dab83fdee2021-12-21 11:25:07.695root 11241100x8000000000000000527568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ee88c1f05fde1d2021-12-21 11:25:07.696root 11241100x8000000000000000527569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b734913f86c3b2632021-12-21 11:25:07.696root 11241100x8000000000000000527570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739d697e81d818c82021-12-21 11:25:07.696root 11241100x8000000000000000527571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a97322556621c2021-12-21 11:25:07.696root 11241100x8000000000000000527572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c1eeece92dccf42021-12-21 11:25:07.697root 11241100x8000000000000000527573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ab19756b3f3d6a2021-12-21 11:25:07.697root 11241100x8000000000000000527574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fdde6cb89690742021-12-21 11:25:07.697root 11241100x8000000000000000527575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bc54f87034b56a2021-12-21 11:25:07.697root 11241100x8000000000000000527576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5891f89e07c8b592021-12-21 11:25:07.697root 11241100x8000000000000000527577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c3a11838dbe0c82021-12-21 11:25:07.698root 11241100x8000000000000000527578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98340577549912eb2021-12-21 11:25:07.698root 11241100x8000000000000000527579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3123ab529b74ac882021-12-21 11:25:07.698root 11241100x8000000000000000527580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8819cb93c96a80b92021-12-21 11:25:07.698root 11241100x8000000000000000527581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cb3a15ac6fa40d2021-12-21 11:25:07.698root 11241100x8000000000000000527582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c91f812b15573b92021-12-21 11:25:07.699root 11241100x8000000000000000527583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c60a0dc460730692021-12-21 11:25:08.193root 11241100x8000000000000000527584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b39674c2315c342021-12-21 11:25:08.193root 11241100x8000000000000000527585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc671436ed804072021-12-21 11:25:08.194root 11241100x8000000000000000527586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1738086f75e4322021-12-21 11:25:08.194root 11241100x8000000000000000527587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c359a0ea105927e2021-12-21 11:25:08.194root 11241100x8000000000000000527588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a196b4d2bcca31f2021-12-21 11:25:08.194root 11241100x8000000000000000527589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675567c6018496942021-12-21 11:25:08.194root 11241100x8000000000000000527590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832c4ce8eb928b902021-12-21 11:25:08.194root 11241100x8000000000000000527591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a870aed65c178d2021-12-21 11:25:08.195root 11241100x8000000000000000527592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9667749e4665a0932021-12-21 11:25:08.195root 11241100x8000000000000000527593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c778044d7913e4b2021-12-21 11:25:08.195root 11241100x8000000000000000527594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8338d2782fd85e02021-12-21 11:25:08.195root 11241100x8000000000000000527595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0406af1ce80aba552021-12-21 11:25:08.195root 11241100x8000000000000000527596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e49ab5ecaf374332021-12-21 11:25:08.195root 11241100x8000000000000000527597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ee1c1021ef89752021-12-21 11:25:08.195root 11241100x8000000000000000527598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be210c1a5929ddbd2021-12-21 11:25:08.195root 11241100x8000000000000000527599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846600a89665917d2021-12-21 11:25:08.195root 11241100x8000000000000000527600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0766ab7bfbeeed972021-12-21 11:25:08.195root 11241100x8000000000000000527601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc8732cdfd7adc12021-12-21 11:25:08.195root 11241100x8000000000000000527602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f8a33a61eaa9a2021-12-21 11:25:08.196root 11241100x8000000000000000527603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ccbd3594fb5b982021-12-21 11:25:08.196root 11241100x8000000000000000527604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c0fce0d7f4b73a2021-12-21 11:25:08.196root 11241100x8000000000000000527605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bc7e6537cfe6ab2021-12-21 11:25:08.196root 11241100x8000000000000000527606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d6e74866d395212021-12-21 11:25:08.693root 11241100x8000000000000000527607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b878de6bbd5592b52021-12-21 11:25:08.693root 11241100x8000000000000000527608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52cbbd910bf47b82021-12-21 11:25:08.694root 11241100x8000000000000000527609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d863bfb6be23c24e2021-12-21 11:25:08.694root 11241100x8000000000000000527610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bcf43288e25ba42021-12-21 11:25:08.694root 11241100x8000000000000000527611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5b181ac398f36c2021-12-21 11:25:08.694root 11241100x8000000000000000527612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096c922eefa050182021-12-21 11:25:08.694root 11241100x8000000000000000527613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f539219e24ab4bb2021-12-21 11:25:08.694root 11241100x8000000000000000527614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee922b8918d69592021-12-21 11:25:08.694root 11241100x8000000000000000527615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071c67d11c6066c52021-12-21 11:25:08.694root 11241100x8000000000000000527616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f41daba79cc7e902021-12-21 11:25:08.695root 11241100x8000000000000000527617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d900b80a2ee8acba2021-12-21 11:25:08.695root 11241100x8000000000000000527618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca21f8d19315e8982021-12-21 11:25:08.695root 11241100x8000000000000000527619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d03425802734552021-12-21 11:25:08.695root 11241100x8000000000000000527620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c222d33a4ac1742021-12-21 11:25:08.695root 11241100x8000000000000000527621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d252e21d8c6ee92021-12-21 11:25:08.695root 11241100x8000000000000000527622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad61595e67c9b3b2021-12-21 11:25:08.695root 11241100x8000000000000000527623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fb9c58555e89e2021-12-21 11:25:08.695root 11241100x8000000000000000527624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b88635e232a54f2021-12-21 11:25:08.695root 11241100x8000000000000000527625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cf6137458128402021-12-21 11:25:08.695root 11241100x8000000000000000527626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cca91705c0db722021-12-21 11:25:08.695root 11241100x8000000000000000527627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9250739d3d9a612021-12-21 11:25:08.695root 11241100x8000000000000000527628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69008469dd9fed1d2021-12-21 11:25:08.696root 11241100x8000000000000000527629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15329f69039aaa1e2021-12-21 11:25:09.193root 11241100x8000000000000000527630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596e0d4fdfe41fdb2021-12-21 11:25:09.193root 11241100x8000000000000000527631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c6ea27ddc79ff2021-12-21 11:25:09.194root 11241100x8000000000000000527632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca81eda818812972021-12-21 11:25:09.194root 11241100x8000000000000000527633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da668689d06d49202021-12-21 11:25:09.194root 11241100x8000000000000000527634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e892f780898e432021-12-21 11:25:09.194root 11241100x8000000000000000527635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3af69da1b1491d72021-12-21 11:25:09.194root 11241100x8000000000000000527636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2a2ca9fd2c9ab92021-12-21 11:25:09.194root 11241100x8000000000000000527637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc9f92ffaa93d992021-12-21 11:25:09.194root 11241100x8000000000000000527638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1febd2505fa62bc02021-12-21 11:25:09.194root 11241100x8000000000000000527639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab32a095cfe551d12021-12-21 11:25:09.194root 11241100x8000000000000000527640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef24463adb28f902021-12-21 11:25:09.194root 11241100x8000000000000000527641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca319e06e408a85c2021-12-21 11:25:09.194root 11241100x8000000000000000527642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f052ecbb8885a3e2021-12-21 11:25:09.194root 11241100x8000000000000000527643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0593fb43804e87402021-12-21 11:25:09.194root 11241100x8000000000000000527644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e4668490d6b35b2021-12-21 11:25:09.194root 11241100x8000000000000000527645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a7ed3908a0c01e2021-12-21 11:25:09.194root 11241100x8000000000000000527646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6518026466306d812021-12-21 11:25:09.195root 11241100x8000000000000000527647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe7b0e087702d642021-12-21 11:25:09.195root 11241100x8000000000000000527648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15253dbab132cc172021-12-21 11:25:09.195root 11241100x8000000000000000527649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16fb52c8f40db472021-12-21 11:25:09.195root 11241100x8000000000000000527650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54af194622a8e13b2021-12-21 11:25:09.195root 11241100x8000000000000000527651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b055b990e25fa1f82021-12-21 11:25:09.195root 23542300x8000000000000000527652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.331{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000527653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e0ea9324661312021-12-21 11:25:09.693root 11241100x8000000000000000527654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1644d1425769a62021-12-21 11:25:09.694root 11241100x8000000000000000527655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb52dfed4b80b0902021-12-21 11:25:09.694root 11241100x8000000000000000527656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f9d7390a0a2a1f2021-12-21 11:25:09.694root 11241100x8000000000000000527657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca32166fa66dcc12021-12-21 11:25:09.694root 11241100x8000000000000000527658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5531835378a05c152021-12-21 11:25:09.694root 11241100x8000000000000000527659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0208b7e3817879a2021-12-21 11:25:09.694root 11241100x8000000000000000527660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6201ee9e1b1aed2021-12-21 11:25:09.694root 11241100x8000000000000000527661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7613d469d5b8dbe2021-12-21 11:25:09.694root 11241100x8000000000000000527662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6be79847c59f442021-12-21 11:25:09.694root 11241100x8000000000000000527663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718aa0db66364c1b2021-12-21 11:25:09.695root 11241100x8000000000000000527664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c2959919731cbe2021-12-21 11:25:09.695root 11241100x8000000000000000527665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897f3375c2cc39b72021-12-21 11:25:09.695root 11241100x8000000000000000527666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a9beabaea49b202021-12-21 11:25:09.695root 11241100x8000000000000000527667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e317e5be421c522021-12-21 11:25:09.695root 11241100x8000000000000000527668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ace87ff0a301382021-12-21 11:25:09.695root 11241100x8000000000000000527669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b971305a46cf0b2021-12-21 11:25:09.695root 11241100x8000000000000000527670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a8c9d823f9b11c2021-12-21 11:25:09.695root 11241100x8000000000000000527671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8989692038ab11ac2021-12-21 11:25:09.695root 11241100x8000000000000000527672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119a499b61f92d562021-12-21 11:25:09.695root 11241100x8000000000000000527673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe8d158e92e338c2021-12-21 11:25:09.696root 11241100x8000000000000000527674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d604fc8789dfc552021-12-21 11:25:09.696root 11241100x8000000000000000527675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dfe0d1c7e2dd192021-12-21 11:25:09.696root 11241100x8000000000000000527676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6109ad6080e949052021-12-21 11:25:09.696root 11241100x8000000000000000527677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a54857b6a8de662021-12-21 11:25:10.193root 11241100x8000000000000000527678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775bedc663459dbb2021-12-21 11:25:10.193root 11241100x8000000000000000527679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e30464fc3f5a752021-12-21 11:25:10.194root 11241100x8000000000000000527680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e671f595e6949c2e2021-12-21 11:25:10.194root 11241100x8000000000000000527681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a571cd9cbff3ec2021-12-21 11:25:10.194root 11241100x8000000000000000527682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52bf7c067898e062021-12-21 11:25:10.194root 11241100x8000000000000000527683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fb834ae7befe1f2021-12-21 11:25:10.194root 11241100x8000000000000000527684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d06d60995cfc342021-12-21 11:25:10.194root 11241100x8000000000000000527685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55725e1adde1870f2021-12-21 11:25:10.194root 11241100x8000000000000000527686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57495ebd046641e42021-12-21 11:25:10.194root 11241100x8000000000000000527687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b03a936bc03d92021-12-21 11:25:10.194root 11241100x8000000000000000527688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adc7560b064340c2021-12-21 11:25:10.194root 11241100x8000000000000000527689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7e92cf880bc19e2021-12-21 11:25:10.195root 11241100x8000000000000000527690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064039d6d80323522021-12-21 11:25:10.195root 11241100x8000000000000000527691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5180a678e86218c2021-12-21 11:25:10.195root 11241100x8000000000000000527692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d5b05ec362e49d2021-12-21 11:25:10.195root 11241100x8000000000000000527693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884cff36debf2dc02021-12-21 11:25:10.195root 11241100x8000000000000000527694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb68c5cebdf64fec2021-12-21 11:25:10.195root 11241100x8000000000000000527695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55234f28036ab1642021-12-21 11:25:10.195root 11241100x8000000000000000527696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b787d3c65c6c2342021-12-21 11:25:10.196root 11241100x8000000000000000527697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9dedb21ed9224f2021-12-21 11:25:10.196root 11241100x8000000000000000527698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddeda3958b660e92021-12-21 11:25:10.196root 11241100x8000000000000000527699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a07ed8ec5b45c672021-12-21 11:25:10.196root 11241100x8000000000000000527700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b7d5e92f10eec52021-12-21 11:25:10.196root 11241100x8000000000000000527701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd319b406d65d1472021-12-21 11:25:10.693root 11241100x8000000000000000527702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f490d426fd4bb6e2021-12-21 11:25:10.693root 11241100x8000000000000000527703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3aa13d8f53d39f42021-12-21 11:25:10.694root 11241100x8000000000000000527704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9068674a368790882021-12-21 11:25:10.694root 11241100x8000000000000000527705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51f6662d569cbe82021-12-21 11:25:10.694root 11241100x8000000000000000527706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83aa94d0a67b10a2021-12-21 11:25:10.694root 11241100x8000000000000000527707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3c6971d4b40bd62021-12-21 11:25:10.694root 11241100x8000000000000000527708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cac5e8494869e42021-12-21 11:25:10.694root 11241100x8000000000000000527709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f190200249d12d882021-12-21 11:25:10.694root 11241100x8000000000000000527710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a07bf61947eceed2021-12-21 11:25:10.694root 11241100x8000000000000000527711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639089377fb8b282021-12-21 11:25:10.694root 11241100x8000000000000000527712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6937dc70fc5e3352021-12-21 11:25:10.694root 11241100x8000000000000000527713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc738e4245864e662021-12-21 11:25:10.694root 11241100x8000000000000000527714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331ab48cb0b50c0a2021-12-21 11:25:10.695root 11241100x8000000000000000527715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90d303dabf9d2972021-12-21 11:25:10.695root 11241100x8000000000000000527716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995f962e712e7e702021-12-21 11:25:10.695root 11241100x8000000000000000527717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf57a877b5c1e28d2021-12-21 11:25:10.695root 11241100x8000000000000000527718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2eab7ae244e1a32021-12-21 11:25:10.695root 11241100x8000000000000000527719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab39876eac9678c52021-12-21 11:25:10.695root 11241100x8000000000000000527720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d134fc2399b18e82021-12-21 11:25:10.695root 11241100x8000000000000000527721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1edd3ec7afbf082021-12-21 11:25:10.695root 11241100x8000000000000000527722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeef89fae45426552021-12-21 11:25:10.695root 11241100x8000000000000000527723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69ac21e78d47dd72021-12-21 11:25:10.695root 11241100x8000000000000000527724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1f115bd0063ec32021-12-21 11:25:10.695root 11241100x8000000000000000527725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed75e357dc36d042021-12-21 11:25:11.193root 11241100x8000000000000000527726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b487f487c4ba9f22021-12-21 11:25:11.193root 11241100x8000000000000000527727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ce7e52d5aa50602021-12-21 11:25:11.194root 11241100x8000000000000000527728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb49c60cd001a232021-12-21 11:25:11.194root 11241100x8000000000000000527729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138b6d82201196392021-12-21 11:25:11.194root 11241100x8000000000000000527730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e800f87737bcd3c42021-12-21 11:25:11.194root 11241100x8000000000000000527731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3cd2effbae0cf22021-12-21 11:25:11.194root 11241100x8000000000000000527732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514d37b3201f658c2021-12-21 11:25:11.194root 11241100x8000000000000000527733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32180cfce067de9e2021-12-21 11:25:11.194root 11241100x8000000000000000527734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e9939835af4e482021-12-21 11:25:11.194root 11241100x8000000000000000527735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108d06626273720f2021-12-21 11:25:11.194root 11241100x8000000000000000527736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb7d88794f51b3c2021-12-21 11:25:11.194root 11241100x8000000000000000527737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9043bbab60b74e0c2021-12-21 11:25:11.194root 11241100x8000000000000000527738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c6d117d7368d3a2021-12-21 11:25:11.194root 11241100x8000000000000000527739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354808c3e5d2123e2021-12-21 11:25:11.194root 11241100x8000000000000000527740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71f0b1e826a00382021-12-21 11:25:11.195root 11241100x8000000000000000527741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9055bad8744704492021-12-21 11:25:11.195root 11241100x8000000000000000527742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9b4f0fb3a30f402021-12-21 11:25:11.195root 11241100x8000000000000000527743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14597ddbf2573e2021-12-21 11:25:11.195root 11241100x8000000000000000527744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62977a52de7bf912021-12-21 11:25:11.195root 11241100x8000000000000000527745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c58044ba7b4cf5e2021-12-21 11:25:11.195root 11241100x8000000000000000527746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5950ccd456ad3a2021-12-21 11:25:11.195root 11241100x8000000000000000527747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492510221031e6b32021-12-21 11:25:11.195root 11241100x8000000000000000527748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212079654f086aff2021-12-21 11:25:11.196root 354300x8000000000000000527749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.239{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48510-false10.0.1.12-8000- 11241100x8000000000000000527750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30da5178804568062021-12-21 11:25:11.693root 11241100x8000000000000000527751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6950d880fd73eb12021-12-21 11:25:11.694root 11241100x8000000000000000527752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71300749dcf3d04e2021-12-21 11:25:11.694root 11241100x8000000000000000527753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abcebbe6ceba35d2021-12-21 11:25:11.694root 11241100x8000000000000000527754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1608e466b862c5c72021-12-21 11:25:11.694root 11241100x8000000000000000527755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb97866ddfe3382021-12-21 11:25:11.695root 11241100x8000000000000000527756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c35d139dda43d532021-12-21 11:25:11.695root 11241100x8000000000000000527757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe5b2c2d148cfe62021-12-21 11:25:11.695root 11241100x8000000000000000527758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869945897c6b0b32021-12-21 11:25:11.695root 11241100x8000000000000000527759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad288c7b41c5aa82021-12-21 11:25:11.695root 11241100x8000000000000000527760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdac0db21b008272021-12-21 11:25:11.695root 11241100x8000000000000000527761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a1f9d5d4db91c12021-12-21 11:25:11.695root 11241100x8000000000000000527762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ac6efcee1fe5eb2021-12-21 11:25:11.695root 11241100x8000000000000000527763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7fc17423cd2e942021-12-21 11:25:11.695root 11241100x8000000000000000527764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59e036d89be4ee22021-12-21 11:25:11.695root 11241100x8000000000000000527765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cd7e46028844c52021-12-21 11:25:11.695root 11241100x8000000000000000527766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1be08b5a7bd0d912021-12-21 11:25:11.695root 11241100x8000000000000000527767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd115379c4362b4f2021-12-21 11:25:11.696root 11241100x8000000000000000527768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ef504692f88092021-12-21 11:25:11.696root 11241100x8000000000000000527769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc5717743cf02672021-12-21 11:25:11.696root 11241100x8000000000000000527770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25600511861a56a2021-12-21 11:25:11.696root 11241100x8000000000000000527771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db43f7a57755bf872021-12-21 11:25:11.696root 11241100x8000000000000000527772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064076ce1fd6df512021-12-21 11:25:11.696root 11241100x8000000000000000527773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5227ef52cf74ab8d2021-12-21 11:25:11.696root 11241100x8000000000000000527774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312a9773d5d2b2c92021-12-21 11:25:11.696root 11241100x8000000000000000527775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421bb3ee9a6805322021-12-21 11:25:12.193root 11241100x8000000000000000527776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee30a75f995af142021-12-21 11:25:12.194root 11241100x8000000000000000527777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51945958a6c35f272021-12-21 11:25:12.194root 11241100x8000000000000000527778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a1e81a5f54600d2021-12-21 11:25:12.194root 11241100x8000000000000000527779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a111b07fee324bb2021-12-21 11:25:12.194root 11241100x8000000000000000527780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6444722b5b0e213c2021-12-21 11:25:12.194root 11241100x8000000000000000527781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c669212fc65eec4f2021-12-21 11:25:12.194root 11241100x8000000000000000527782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bc276a6c8ab10f2021-12-21 11:25:12.194root 11241100x8000000000000000527783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afc6d9082dadb8a2021-12-21 11:25:12.195root 11241100x8000000000000000527784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2926ff0ac12494382021-12-21 11:25:12.195root 11241100x8000000000000000527785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d33bc66d9c0738f2021-12-21 11:25:12.195root 11241100x8000000000000000527786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eb4f6be960424c2021-12-21 11:25:12.195root 11241100x8000000000000000527787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1df6ba53718a42021-12-21 11:25:12.195root 11241100x8000000000000000527788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b2e765bd35fdf22021-12-21 11:25:12.195root 11241100x8000000000000000527789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644b5617aae25c062021-12-21 11:25:12.195root 11241100x8000000000000000527790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642dad094bfb2cba2021-12-21 11:25:12.195root 11241100x8000000000000000527791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67099260b2891dfc2021-12-21 11:25:12.195root 11241100x8000000000000000527792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea6d77a421c0f22021-12-21 11:25:12.196root 11241100x8000000000000000527793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bf1bfc11f6ee6a2021-12-21 11:25:12.196root 11241100x8000000000000000527794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4839aedb63e2818d2021-12-21 11:25:12.196root 11241100x8000000000000000527795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e865fea1d5d4ed2021-12-21 11:25:12.196root 11241100x8000000000000000527796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfb447d004f2f892021-12-21 11:25:12.196root 11241100x8000000000000000527797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd7b89b605139332021-12-21 11:25:12.196root 11241100x8000000000000000527798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76173e8193e6f2af2021-12-21 11:25:12.196root 11241100x8000000000000000527799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d148235e9b90ba4f2021-12-21 11:25:12.196root 11241100x8000000000000000527800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f41c0f2a9a45362021-12-21 11:25:12.693root 11241100x8000000000000000527801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142c90a4ddac03152021-12-21 11:25:12.694root 11241100x8000000000000000527802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847311767965be6a2021-12-21 11:25:12.694root 11241100x8000000000000000527803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4789ca521393faf22021-12-21 11:25:12.694root 11241100x8000000000000000527804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aca3a67a58b8302021-12-21 11:25:12.694root 11241100x8000000000000000527805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2e485f766b5b3b2021-12-21 11:25:12.694root 11241100x8000000000000000527806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b188ff49c20b9d6c2021-12-21 11:25:12.694root 11241100x8000000000000000527807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeab33cebe88044e2021-12-21 11:25:12.694root 11241100x8000000000000000527808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3437126d29b61fe2021-12-21 11:25:12.694root 11241100x8000000000000000527809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be792330f58bbf752021-12-21 11:25:12.694root 11241100x8000000000000000527810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53964ffa1e4dc062021-12-21 11:25:12.694root 11241100x8000000000000000527811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da883c2a7f1d56b82021-12-21 11:25:12.695root 11241100x8000000000000000527812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f84e27169bd29f2021-12-21 11:25:12.695root 11241100x8000000000000000527813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29463f217e3c5512021-12-21 11:25:12.695root 11241100x8000000000000000527814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9104518f84387352021-12-21 11:25:12.695root 11241100x8000000000000000527815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc8b33d8a9d97602021-12-21 11:25:12.695root 11241100x8000000000000000527816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0cd68c210227cf2021-12-21 11:25:12.695root 11241100x8000000000000000527817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230b0efa941f32462021-12-21 11:25:12.695root 11241100x8000000000000000527818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60414a9971e6a83c2021-12-21 11:25:12.695root 11241100x8000000000000000527819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f52febac1ffcc2021-12-21 11:25:12.695root 11241100x8000000000000000527820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9742b48e438bd4d42021-12-21 11:25:12.695root 11241100x8000000000000000527821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a8d0de3566f4be2021-12-21 11:25:12.695root 11241100x8000000000000000527822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a66d34de9f25872021-12-21 11:25:12.695root 11241100x8000000000000000527823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8619808df157ae402021-12-21 11:25:12.695root 11241100x8000000000000000527824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a23a535b215c82e2021-12-21 11:25:12.696root 11241100x8000000000000000527825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f091900b80143542021-12-21 11:25:13.193root 11241100x8000000000000000527826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fe684dfb5a88502021-12-21 11:25:13.194root 11241100x8000000000000000527827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c0a081301faf2d2021-12-21 11:25:13.194root 11241100x8000000000000000527828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bf4454d11c57b42021-12-21 11:25:13.194root 11241100x8000000000000000527829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10b3e6c2c52e48b2021-12-21 11:25:13.194root 11241100x8000000000000000527830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aa8aca7a4cf02e2021-12-21 11:25:13.194root 11241100x8000000000000000527831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebafc14e6f14f962021-12-21 11:25:13.194root 11241100x8000000000000000527832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6828efadeb1e5fb82021-12-21 11:25:13.194root 11241100x8000000000000000527833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b54a1c0c5be3572021-12-21 11:25:13.194root 11241100x8000000000000000527834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abb84783214d00b2021-12-21 11:25:13.194root 11241100x8000000000000000527835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd07cf23e0278a962021-12-21 11:25:13.194root 11241100x8000000000000000527836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc41f314e81ab742021-12-21 11:25:13.194root 11241100x8000000000000000527837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8641f7e6198da2021-12-21 11:25:13.194root 11241100x8000000000000000527838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf83b3aa8f284ee02021-12-21 11:25:13.194root 11241100x8000000000000000527839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230afb6ccfbd5e092021-12-21 11:25:13.194root 11241100x8000000000000000527840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df421194bc57716c2021-12-21 11:25:13.194root 11241100x8000000000000000527841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c89028dbc80a9d52021-12-21 11:25:13.195root 11241100x8000000000000000527842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7604ef326bf4052021-12-21 11:25:13.195root 11241100x8000000000000000527843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3802fcfd253ade982021-12-21 11:25:13.195root 11241100x8000000000000000527844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06ab5363f4343062021-12-21 11:25:13.195root 11241100x8000000000000000527845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb62474071d96542021-12-21 11:25:13.195root 11241100x8000000000000000527846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7776325622c83b802021-12-21 11:25:13.195root 11241100x8000000000000000527847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8597558574cd40092021-12-21 11:25:13.195root 11241100x8000000000000000527848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ae867fb19136232021-12-21 11:25:13.195root 11241100x8000000000000000527849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30641765a9c75f62021-12-21 11:25:13.195root 11241100x8000000000000000527850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d25d0853b334302021-12-21 11:25:13.693root 11241100x8000000000000000527851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a687708a2bc011f12021-12-21 11:25:13.694root 11241100x8000000000000000527852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f09a1f5336f5f532021-12-21 11:25:13.694root 11241100x8000000000000000527853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e100ae6c14ab84952021-12-21 11:25:13.694root 11241100x8000000000000000527854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64368170a25f34c2021-12-21 11:25:13.694root 11241100x8000000000000000527855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89f41be06c4eb9c2021-12-21 11:25:13.694root 11241100x8000000000000000527856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc250730e161d6b82021-12-21 11:25:13.694root 11241100x8000000000000000527857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6200b5c378beb3492021-12-21 11:25:13.694root 11241100x8000000000000000527858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f28128674158b422021-12-21 11:25:13.694root 11241100x8000000000000000527859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965eed18ed6d4e132021-12-21 11:25:13.694root 11241100x8000000000000000527860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc6c264295b7312021-12-21 11:25:13.694root 11241100x8000000000000000527861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750ab84beeb7d5d02021-12-21 11:25:13.695root 11241100x8000000000000000527862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576b1ea9780a58732021-12-21 11:25:13.695root 11241100x8000000000000000527863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cabab59b15e820f2021-12-21 11:25:13.695root 11241100x8000000000000000527864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e04a85f5e3c5e02021-12-21 11:25:13.695root 11241100x8000000000000000527865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8122c630ff351af62021-12-21 11:25:13.695root 11241100x8000000000000000527866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2deff4b973c3e72021-12-21 11:25:13.695root 11241100x8000000000000000527867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29eb5de77486c482021-12-21 11:25:13.695root 11241100x8000000000000000527868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85180ca10bc391372021-12-21 11:25:13.695root 11241100x8000000000000000527869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c2b5f0a4a0d7542021-12-21 11:25:13.696root 11241100x8000000000000000527870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8897f0a9a333eca2021-12-21 11:25:13.696root 11241100x8000000000000000527871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fc7d5e9a4c0a1d2021-12-21 11:25:13.696root 11241100x8000000000000000527872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e295347831f57dd52021-12-21 11:25:13.696root 11241100x8000000000000000527873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d61d3c6a4b43a02021-12-21 11:25:13.696root 11241100x8000000000000000527874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1babc7b595b3ea2a2021-12-21 11:25:13.697root 154100x8000000000000000527875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.873{ec2b6afe-b999-61c1-68e4-cfe4f4550000}9863/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000527876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:13.882{ec2b6afe-b999-61c1-68e4-cfe4f4550000}9863/bin/psroot 11241100x8000000000000000527877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aab69c7d73596f2021-12-21 11:25:14.193root 11241100x8000000000000000527878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee06d72fe05034ce2021-12-21 11:25:14.194root 11241100x8000000000000000527879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6fea2f2d0372542021-12-21 11:25:14.194root 11241100x8000000000000000527880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb22541d1b563632021-12-21 11:25:14.194root 11241100x8000000000000000527881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667443c290fecbc32021-12-21 11:25:14.194root 11241100x8000000000000000527882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3ea3c71cdde85a2021-12-21 11:25:14.194root 11241100x8000000000000000527883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca65ddb61ffe4ff2021-12-21 11:25:14.194root 11241100x8000000000000000527884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e331594209040a82021-12-21 11:25:14.194root 11241100x8000000000000000527885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121e63f705bde2e72021-12-21 11:25:14.194root 11241100x8000000000000000527886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279cd0b8742f3c2c2021-12-21 11:25:14.194root 11241100x8000000000000000527887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97191ceaa27ea5df2021-12-21 11:25:14.194root 11241100x8000000000000000527888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f6fa1dd3eaa5392021-12-21 11:25:14.195root 11241100x8000000000000000527889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a543a2d842fcc5e2021-12-21 11:25:14.195root 11241100x8000000000000000527890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ab9d46b76f10a62021-12-21 11:25:14.195root 11241100x8000000000000000527891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e90cfa5f00c17e2021-12-21 11:25:14.195root 11241100x8000000000000000527892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd5d82d4211b9412021-12-21 11:25:14.195root 11241100x8000000000000000527893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed408f604843bb12021-12-21 11:25:14.195root 11241100x8000000000000000527894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ba87359f9e810a2021-12-21 11:25:14.195root 11241100x8000000000000000527895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cb31645d76d6c62021-12-21 11:25:14.195root 11241100x8000000000000000527896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea7eea812b2bcc22021-12-21 11:25:14.195root 11241100x8000000000000000527897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7be3de3a585c572021-12-21 11:25:14.195root 11241100x8000000000000000527898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6b9096f619c5062021-12-21 11:25:14.196root 11241100x8000000000000000527899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989cd9a24f0aef4a2021-12-21 11:25:14.196root 11241100x8000000000000000527900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dc44005bede4862021-12-21 11:25:14.196root 11241100x8000000000000000527901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7963e3f228018452021-12-21 11:25:14.196root 11241100x8000000000000000527902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f420459cecee63c22021-12-21 11:25:14.196root 11241100x8000000000000000527903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a7f22f3ef0a5442021-12-21 11:25:14.196root 11241100x8000000000000000527904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9219ea23625aa2e92021-12-21 11:25:14.693root 11241100x8000000000000000527905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf415c0baa52ea62021-12-21 11:25:14.694root 11241100x8000000000000000527906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e1d0d13069b7bb2021-12-21 11:25:14.694root 11241100x8000000000000000527907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88566fe837ad50a72021-12-21 11:25:14.694root 11241100x8000000000000000527908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b99b9ac1d2711722021-12-21 11:25:14.694root 11241100x8000000000000000527909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b84f78ef6c8e3f2021-12-21 11:25:14.694root 11241100x8000000000000000527910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545227aef34543f52021-12-21 11:25:14.694root 11241100x8000000000000000527911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07175c9d075a9f22021-12-21 11:25:14.694root 11241100x8000000000000000527912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c2b05cf02ed3ab2021-12-21 11:25:14.694root 11241100x8000000000000000527913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ac62934c39e78a2021-12-21 11:25:14.694root 11241100x8000000000000000527914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379697ce71d0cc132021-12-21 11:25:14.695root 11241100x8000000000000000527915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d857954816e361862021-12-21 11:25:14.695root 11241100x8000000000000000527916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baadbad7e7d70ee2021-12-21 11:25:14.695root 11241100x8000000000000000527917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9cc97ee136e3f42021-12-21 11:25:14.695root 11241100x8000000000000000527918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931ad1d15a8c975b2021-12-21 11:25:14.695root 11241100x8000000000000000527919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c5995cd32f976e2021-12-21 11:25:14.695root 11241100x8000000000000000527920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d013ac986b90d0682021-12-21 11:25:14.695root 11241100x8000000000000000527921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455398706e00af022021-12-21 11:25:14.696root 11241100x8000000000000000527922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff4a05409f688c72021-12-21 11:25:14.696root 11241100x8000000000000000527923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3f5e8d93273262021-12-21 11:25:14.696root 11241100x8000000000000000527924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c80af93ab678d32021-12-21 11:25:14.696root 11241100x8000000000000000527925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6887e8e5f7d03fe2021-12-21 11:25:14.697root 11241100x8000000000000000527926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d697d8fce637d6792021-12-21 11:25:14.697root 11241100x8000000000000000527927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a270dff4b778bf812021-12-21 11:25:14.697root 11241100x8000000000000000527928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d55c2519a12a0f2021-12-21 11:25:14.697root 11241100x8000000000000000527929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f963b14b29c48322021-12-21 11:25:14.697root 11241100x8000000000000000527930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d14f17a1d964fce2021-12-21 11:25:14.697root 11241100x8000000000000000527931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da18090be3578532021-12-21 11:25:15.193root 11241100x8000000000000000527932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9880cc7c90e61c402021-12-21 11:25:15.194root 11241100x8000000000000000527933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e05a1d2c83b15792021-12-21 11:25:15.194root 11241100x8000000000000000527934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b585e1174e3fae2021-12-21 11:25:15.194root 11241100x8000000000000000527935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140480bf1f8255db2021-12-21 11:25:15.194root 11241100x8000000000000000527936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5fbfe751a6e08f2021-12-21 11:25:15.194root 11241100x8000000000000000527937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7955838fc31d952021-12-21 11:25:15.194root 11241100x8000000000000000527938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd748eb741dc94f2021-12-21 11:25:15.194root 11241100x8000000000000000527939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e84d5b000972562021-12-21 11:25:15.194root 11241100x8000000000000000527940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e30c6286394b102021-12-21 11:25:15.194root 11241100x8000000000000000527941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66df9aa4c5a4b6e42021-12-21 11:25:15.194root 11241100x8000000000000000527942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be35ed90a828e8ce2021-12-21 11:25:15.194root 11241100x8000000000000000527943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3909dc854450c42021-12-21 11:25:15.194root 11241100x8000000000000000527944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f019dc8946ad9d2021-12-21 11:25:15.194root 11241100x8000000000000000527945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e3ebb90a0179ca2021-12-21 11:25:15.194root 11241100x8000000000000000527946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575564394925d66e2021-12-21 11:25:15.195root 11241100x8000000000000000527947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa39a0832f3ec782021-12-21 11:25:15.195root 11241100x8000000000000000527948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458ac5fa10b7b8972021-12-21 11:25:15.195root 11241100x8000000000000000527949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab266ec35b94f132021-12-21 11:25:15.195root 11241100x8000000000000000527950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a538717b70eca9af2021-12-21 11:25:15.195root 11241100x8000000000000000527951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6927c7f2ba4718fc2021-12-21 11:25:15.195root 11241100x8000000000000000527952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68a874cbfb699c72021-12-21 11:25:15.195root 11241100x8000000000000000527953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f953241acb40792021-12-21 11:25:15.195root 11241100x8000000000000000527954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40507506e715c23f2021-12-21 11:25:15.195root 11241100x8000000000000000527955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdf4eda0e764c3d2021-12-21 11:25:15.195root 11241100x8000000000000000527956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a130cd4ec02b76ce2021-12-21 11:25:15.195root 11241100x8000000000000000527957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e9a63b8154d2322021-12-21 11:25:15.195root 11241100x8000000000000000527958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c65e8f5d676908f2021-12-21 11:25:15.694root 11241100x8000000000000000527959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b6f89a77724b992021-12-21 11:25:15.694root 11241100x8000000000000000527960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b98a693e5102412021-12-21 11:25:15.694root 11241100x8000000000000000527961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43eb0f78ba48fc42021-12-21 11:25:15.694root 11241100x8000000000000000527962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9fba692a013be72021-12-21 11:25:15.694root 11241100x8000000000000000527963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d3398566d4b0e42021-12-21 11:25:15.694root 11241100x8000000000000000527964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10dd00feb0f38b32021-12-21 11:25:15.694root 11241100x8000000000000000527965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71330974eb9580672021-12-21 11:25:15.694root 11241100x8000000000000000527966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458b50548e17923e2021-12-21 11:25:15.694root 11241100x8000000000000000527967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd87f4378cbad22021-12-21 11:25:15.694root 11241100x8000000000000000527968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaf54525ae700152021-12-21 11:25:15.694root 11241100x8000000000000000527969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e860cc81a539b0c22021-12-21 11:25:15.694root 11241100x8000000000000000527970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe59f1c2a44f5e2021-12-21 11:25:15.694root 11241100x8000000000000000527971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daee36b28f81c3a42021-12-21 11:25:15.694root 11241100x8000000000000000527972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b85b9aa72c61b92021-12-21 11:25:15.694root 11241100x8000000000000000527973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44018a70b773ae62021-12-21 11:25:15.695root 11241100x8000000000000000527974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07195d4628267d132021-12-21 11:25:15.695root 11241100x8000000000000000527975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbb2530dc794b882021-12-21 11:25:15.695root 11241100x8000000000000000527976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68945ef20e4a19822021-12-21 11:25:15.695root 11241100x8000000000000000527977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a08e7642f6f5a62021-12-21 11:25:15.695root 11241100x8000000000000000527978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7696089a066089d92021-12-21 11:25:15.695root 11241100x8000000000000000527979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7305f16f753335b2021-12-21 11:25:15.695root 11241100x8000000000000000527980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e34883dc1fda072021-12-21 11:25:15.695root 354300x8000000000000000528009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:22.177{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48514-false10.0.1.12-8000- 11241100x8000000000000000528010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:22.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0a489d83e3af772021-12-21 11:25:22.442root 11241100x8000000000000000528011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fded3b51163f4a2f2021-12-21 11:25:22.942root 11241100x8000000000000000528012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3416750d93a35f22021-12-21 11:25:23.442root 11241100x8000000000000000528013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af125cbbd46860792021-12-21 11:25:23.942root 11241100x8000000000000000528014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb56f157bccfff112021-12-21 11:25:24.442root 11241100x8000000000000000528015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a906ff230f9011662021-12-21 11:25:24.942root 11241100x8000000000000000528016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:25.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fdadb373f2b5382021-12-21 11:25:25.442root 354300x8000000000000000528017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:25.449{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-35580-false10.0.1.12-8089- 11241100x8000000000000000528018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3491d69254d6645e2021-12-21 11:25:25.942root 11241100x8000000000000000528019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781b7cb9e4b14f072021-12-21 11:25:25.943root 11241100x8000000000000000528020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e729433dd503bb2021-12-21 11:25:26.442root 11241100x8000000000000000528021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:26.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695b69a675e655b42021-12-21 11:25:26.442root 11241100x8000000000000000528022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285645ecb1a591322021-12-21 11:25:26.942root 11241100x8000000000000000528023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddb70c53ae73bd82021-12-21 11:25:26.943root 354300x8000000000000000528024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.258{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48518-false10.0.1.12-8000- 11241100x8000000000000000528025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc297d49982cc3652021-12-21 11:25:27.259root 11241100x8000000000000000528026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c494945863e9b07d2021-12-21 11:25:27.259root 11241100x8000000000000000528027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2713c2b88b3794fe2021-12-21 11:25:27.692root 11241100x8000000000000000528028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224bfdc93eb610902021-12-21 11:25:27.693root 11241100x8000000000000000528029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137739f3e9bdbfbd2021-12-21 11:25:27.693root 11241100x8000000000000000528030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e89f5f1c829462021-12-21 11:25:28.192root 11241100x8000000000000000528031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5a8e3974d11de52021-12-21 11:25:28.193root 11241100x8000000000000000528032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4f51e75bbfb6852021-12-21 11:25:28.193root 11241100x8000000000000000528033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353f6d28f7f57a782021-12-21 11:25:28.692root 11241100x8000000000000000528034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9782ef9da0767c2021-12-21 11:25:28.693root 11241100x8000000000000000528035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d379d5dc395e7942021-12-21 11:25:28.693root 11241100x8000000000000000528036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4173c189d5238df2021-12-21 11:25:29.192root 11241100x8000000000000000528037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d787cb0b9bf58b832021-12-21 11:25:29.193root 11241100x8000000000000000528038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7060815aba6fc72021-12-21 11:25:29.193root 11241100x8000000000000000528039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f49c0d1d58788b2021-12-21 11:25:29.692root 11241100x8000000000000000528040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197f912bdbc39bd22021-12-21 11:25:29.693root 11241100x8000000000000000528041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674dd31fb147205f2021-12-21 11:25:29.693root 11241100x8000000000000000528042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d440c2971cdce552021-12-21 11:25:30.192root 11241100x8000000000000000528043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6720cedf7861b10a2021-12-21 11:25:30.193root 11241100x8000000000000000528044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c32410f627c1c2021-12-21 11:25:30.193root 11241100x8000000000000000528045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c803538b1cddc72021-12-21 11:25:30.692root 11241100x8000000000000000528046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fc3138d64c52882021-12-21 11:25:30.693root 11241100x8000000000000000528047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c11ea1fcda181b72021-12-21 11:25:30.693root 11241100x8000000000000000528048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de28ff8fb751f502021-12-21 11:25:31.192root 11241100x8000000000000000528049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838239b935db97942021-12-21 11:25:31.193root 11241100x8000000000000000528050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473804f16d4fdac42021-12-21 11:25:31.193root 11241100x8000000000000000528051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6001dc42ed2faab02021-12-21 11:25:31.692root 11241100x8000000000000000528052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb85158e4c3666cf2021-12-21 11:25:31.693root 11241100x8000000000000000528053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e868f3cc5cb2bba12021-12-21 11:25:31.693root 11241100x8000000000000000528054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149637ea9332313c2021-12-21 11:25:32.192root 11241100x8000000000000000528055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a498dddc712158822021-12-21 11:25:32.193root 11241100x8000000000000000528056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b621436a16cc6832021-12-21 11:25:32.193root 11241100x8000000000000000528057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63489cdafb1a7072021-12-21 11:25:32.692root 11241100x8000000000000000528058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94beb484f18f3a412021-12-21 11:25:32.693root 11241100x8000000000000000528059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0faefa1111f37c2021-12-21 11:25:32.693root 354300x8000000000000000528060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.166{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48520-false10.0.1.12-8000- 11241100x8000000000000000528061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13748fd93c9f5582021-12-21 11:25:33.166root 11241100x8000000000000000528062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fdcc45c1d063572021-12-21 11:25:33.167root 11241100x8000000000000000528063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3306ea62f3ae6ca2021-12-21 11:25:33.167root 11241100x8000000000000000528064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f81c922437465d42021-12-21 11:25:33.167root 11241100x8000000000000000528065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9a6b040417a18f2021-12-21 11:25:33.442root 11241100x8000000000000000528066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4730548c81eb002021-12-21 11:25:33.443root 11241100x8000000000000000528067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1669a7d78dc3ce32021-12-21 11:25:33.443root 11241100x8000000000000000528068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82100f0a6c755ad2021-12-21 11:25:33.443root 11241100x8000000000000000528069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178703cd30acf6412021-12-21 11:25:33.942root 11241100x8000000000000000528070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec4bf3b61710e872021-12-21 11:25:33.943root 11241100x8000000000000000528071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7888f0d6e8db242021-12-21 11:25:33.943root 11241100x8000000000000000528072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcfd05e30b76ba32021-12-21 11:25:33.943root 11241100x8000000000000000528073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a53ae3e2e06fb672021-12-21 11:25:34.443root 11241100x8000000000000000528074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc996ee8f4e38c2021-12-21 11:25:34.443root 11241100x8000000000000000528075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1341334ff02474f2021-12-21 11:25:34.443root 11241100x8000000000000000528076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5348a22fb84f78592021-12-21 11:25:34.443root 11241100x8000000000000000528077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2769f51355154c9d2021-12-21 11:25:34.942root 11241100x8000000000000000528078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec8d0816c923b912021-12-21 11:25:34.943root 11241100x8000000000000000528079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839e0d40f4e2a0d12021-12-21 11:25:34.943root 11241100x8000000000000000528080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cc0d20d6fa58d52021-12-21 11:25:34.943root 11241100x8000000000000000528081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b50ea6d9306a202021-12-21 11:25:35.442root 11241100x8000000000000000528082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96acb397b2ae2ad22021-12-21 11:25:35.443root 11241100x8000000000000000528083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affa46eeb8023a0d2021-12-21 11:25:35.443root 11241100x8000000000000000528084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9399318c5beb182021-12-21 11:25:35.443root 11241100x8000000000000000528085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e841aaa200b574882021-12-21 11:25:35.942root 11241100x8000000000000000528086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfaf572c6691c182021-12-21 11:25:35.943root 11241100x8000000000000000528087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9163ea3f2d417d52021-12-21 11:25:35.943root 11241100x8000000000000000528088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb496e31bea62a32021-12-21 11:25:35.943root 11241100x8000000000000000528089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 11:25:36.328root 11241100x8000000000000000528090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa76ad71e0aacdc2021-12-21 11:25:36.329root 11241100x8000000000000000528091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e91fbb91d66bf92021-12-21 11:25:36.329root 11241100x8000000000000000528092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5be1f3694529982021-12-21 11:25:36.329root 11241100x8000000000000000528093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79827e7c794f9b292021-12-21 11:25:36.329root 11241100x8000000000000000528094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7b6c54754070132021-12-21 11:25:36.329root 11241100x8000000000000000528095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142407d786520c0a2021-12-21 11:25:36.693root 11241100x8000000000000000528096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0dfaead26c14832021-12-21 11:25:36.693root 11241100x8000000000000000528097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43daae48a1a3bfea2021-12-21 11:25:36.693root 11241100x8000000000000000528098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e651795aae01652021-12-21 11:25:36.693root 11241100x8000000000000000528099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c879632b53b00412021-12-21 11:25:36.693root 11241100x8000000000000000528100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a77ec8af273b822021-12-21 11:25:37.193root 11241100x8000000000000000528101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f98742c550bd6152021-12-21 11:25:37.193root 11241100x8000000000000000528102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb309fafd0f5eec2021-12-21 11:25:37.193root 11241100x8000000000000000528103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2f689b770c3e622021-12-21 11:25:37.193root 11241100x8000000000000000528104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1b39c0753481b52021-12-21 11:25:37.193root 11241100x8000000000000000528105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b081facdbf112992021-12-21 11:25:37.693root 11241100x8000000000000000528106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1916a02e82e176672021-12-21 11:25:37.693root 11241100x8000000000000000528107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b98d3ea72194bca2021-12-21 11:25:37.693root 11241100x8000000000000000528108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5babdf72072b063b2021-12-21 11:25:37.693root 11241100x8000000000000000528109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60c7f8c025ae11e2021-12-21 11:25:37.693root 11241100x8000000000000000528110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d6ea571e5e13c42021-12-21 11:25:38.193root 11241100x8000000000000000528111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43866c76e45180e2021-12-21 11:25:38.193root 11241100x8000000000000000528112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7510e00bc54929a2021-12-21 11:25:38.193root 11241100x8000000000000000528113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e15b33a8ba19092021-12-21 11:25:38.193root 11241100x8000000000000000528114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4665b687132b39d2021-12-21 11:25:38.193root 354300x8000000000000000528115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.252{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48522-false10.0.1.12-8000- 11241100x8000000000000000528116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12d8a46785dc1c2021-12-21 11:25:38.693root 11241100x8000000000000000528117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211f431a0ff1f2c32021-12-21 11:25:38.693root 11241100x8000000000000000528118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26d9d81131c50312021-12-21 11:25:38.693root 11241100x8000000000000000528119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb1f347204d48a12021-12-21 11:25:38.693root 11241100x8000000000000000528120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabe815e43739e982021-12-21 11:25:38.693root 11241100x8000000000000000528121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa462a663495e362021-12-21 11:25:38.693root 11241100x8000000000000000528122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62134aca3a2d4e842021-12-21 11:25:39.193root 11241100x8000000000000000528123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36b5d220197ae102021-12-21 11:25:39.193root 11241100x8000000000000000528124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe48a84f2a2caab2021-12-21 11:25:39.193root 11241100x8000000000000000528125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae5c27f925790af2021-12-21 11:25:39.193root 11241100x8000000000000000528126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe58c8e76d7a7a8e2021-12-21 11:25:39.193root 11241100x8000000000000000528127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7430ce79a7c163162021-12-21 11:25:39.193root 23542300x8000000000000000528128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.328{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000528129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f643c49daa4bf3272021-12-21 11:25:39.693root 11241100x8000000000000000528130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547e1e2e8cd74b322021-12-21 11:25:39.693root 11241100x8000000000000000528131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69da09d63be9f702021-12-21 11:25:39.693root 11241100x8000000000000000528132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff1f2e526fb25da2021-12-21 11:25:39.693root 11241100x8000000000000000528133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e515dd5e3dc2442021-12-21 11:25:39.693root 11241100x8000000000000000528134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3241c5da208dd3112021-12-21 11:25:39.693root 11241100x8000000000000000528135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac439874fceba4f2021-12-21 11:25:39.693root 11241100x8000000000000000528136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52427bd0a17c8bbb2021-12-21 11:25:40.193root 11241100x8000000000000000528137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a51f22328deb4f2021-12-21 11:25:40.193root 11241100x8000000000000000528138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d3bc5b5fbd55602021-12-21 11:25:40.193root 11241100x8000000000000000528139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6459e09dc5efe9682021-12-21 11:25:40.193root 11241100x8000000000000000528140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c6d691b568e02a2021-12-21 11:25:40.193root 11241100x8000000000000000528141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67a8acddb273f742021-12-21 11:25:40.193root 11241100x8000000000000000528142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88dd15b1f0a12612021-12-21 11:25:40.193root 11241100x8000000000000000528143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3806fb9aa2c197f22021-12-21 11:25:40.693root 11241100x8000000000000000528144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d166bba37946f392021-12-21 11:25:40.693root 11241100x8000000000000000528145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1045efb55739227b2021-12-21 11:25:40.693root 11241100x8000000000000000528146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba4affe610119a32021-12-21 11:25:40.693root 11241100x8000000000000000528147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da66400238353db2021-12-21 11:25:40.693root 11241100x8000000000000000528148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45d5a0af84732d62021-12-21 11:25:40.693root 11241100x8000000000000000528149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277f620bce69fa6f2021-12-21 11:25:40.693root 11241100x8000000000000000528150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652701e321a8990f2021-12-21 11:25:41.193root 11241100x8000000000000000528151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35a6d4bf691d5d42021-12-21 11:25:41.193root 11241100x8000000000000000528152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171a74f962f3066f2021-12-21 11:25:41.193root 11241100x8000000000000000528153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57df2d17dd32f4312021-12-21 11:25:41.193root 11241100x8000000000000000528154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f325bb6ce615b32021-12-21 11:25:41.193root 11241100x8000000000000000528155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e32b426147ed92021-12-21 11:25:41.193root 11241100x8000000000000000528156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1ae3f9e10e59902021-12-21 11:25:41.193root 11241100x8000000000000000528157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b517de00c39b792021-12-21 11:25:41.693root 11241100x8000000000000000528158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2b2cecab2dd3842021-12-21 11:25:41.693root 11241100x8000000000000000528159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd548f61006d8072021-12-21 11:25:41.693root 11241100x8000000000000000528160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ee6f114ffb24a72021-12-21 11:25:41.693root 11241100x8000000000000000528161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31531de95e1eba382021-12-21 11:25:41.693root 11241100x8000000000000000528162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871212c4dbe9a73c2021-12-21 11:25:41.693root 11241100x8000000000000000528163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd82bb875354c002021-12-21 11:25:41.693root 11241100x8000000000000000528164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44384eabc7d233532021-12-21 11:25:42.193root 11241100x8000000000000000528165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8a394eb301e2382021-12-21 11:25:42.194root 11241100x8000000000000000528166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83522e4d12fe490d2021-12-21 11:25:42.194root 11241100x8000000000000000528167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e1cd928d56bb9c2021-12-21 11:25:42.194root 11241100x8000000000000000528168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9244c280379256a92021-12-21 11:25:42.194root 11241100x8000000000000000528169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ba7cbabbab6e812021-12-21 11:25:42.194root 11241100x8000000000000000528170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e0b6bdd948515e2021-12-21 11:25:42.195root 11241100x8000000000000000528171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3431e6c32dde27572021-12-21 11:25:42.692root 11241100x8000000000000000528172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632f44ef4542dc682021-12-21 11:25:42.693root 11241100x8000000000000000528173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff041fedfdaec3a2021-12-21 11:25:42.693root 11241100x8000000000000000528174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de85565a29a10b72021-12-21 11:25:42.693root 11241100x8000000000000000528175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1cbbb4a6d976322021-12-21 11:25:42.693root 11241100x8000000000000000528176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983c9c43db15da8d2021-12-21 11:25:42.693root 11241100x8000000000000000528177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a008ba92d4e4032021-12-21 11:25:42.693root 11241100x8000000000000000528178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ffbf88700acfcb2021-12-21 11:25:43.193root 11241100x8000000000000000528179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b52321847006f92021-12-21 11:25:43.193root 11241100x8000000000000000528180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8f0e0b590755132021-12-21 11:25:43.193root 11241100x8000000000000000528181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9855498c46c43f372021-12-21 11:25:43.193root 11241100x8000000000000000528182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7287e37953ee208c2021-12-21 11:25:43.193root 11241100x8000000000000000528183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f291357c506c8fba2021-12-21 11:25:43.193root 11241100x8000000000000000528184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310a1e1c4009568b2021-12-21 11:25:43.193root 11241100x8000000000000000528185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe10390a79a45512021-12-21 11:25:43.693root 11241100x8000000000000000528186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee441b26a3da5ad2021-12-21 11:25:43.693root 11241100x8000000000000000528187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a364d19bd32c47b72021-12-21 11:25:43.693root 11241100x8000000000000000528188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f570e1d99aaee722021-12-21 11:25:43.693root 11241100x8000000000000000528189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a621ff3a09ee75ff2021-12-21 11:25:43.693root 11241100x8000000000000000528190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e749057363382652021-12-21 11:25:43.693root 11241100x8000000000000000528191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e201b6819bf3f5472021-12-21 11:25:43.693root 11241100x8000000000000000528192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6ac6427f825af62021-12-21 11:25:44.193root 11241100x8000000000000000528193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ad033327c32dc2021-12-21 11:25:44.193root 11241100x8000000000000000528194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37659924665df102021-12-21 11:25:44.193root 11241100x8000000000000000528195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f445e48a8bb8c672021-12-21 11:25:44.193root 11241100x8000000000000000528196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176be57c9135b7b72021-12-21 11:25:44.193root 11241100x8000000000000000528197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc7b22f75823a4d2021-12-21 11:25:44.193root 11241100x8000000000000000528198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc574d1aa78681d42021-12-21 11:25:44.193root 354300x8000000000000000528199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.227{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48524-false10.0.1.12-8000- 11241100x8000000000000000528200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecca87899e518422021-12-21 11:25:44.693root 11241100x8000000000000000528201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a097f80d12991172021-12-21 11:25:44.693root 11241100x8000000000000000528202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e329cde8f799f8d82021-12-21 11:25:44.693root 11241100x8000000000000000528203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954c63151bb2ca2f2021-12-21 11:25:44.693root 11241100x8000000000000000528204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead8ec02dd6337b02021-12-21 11:25:44.693root 11241100x8000000000000000528205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cca03d6fae74a562021-12-21 11:25:44.694root 11241100x8000000000000000528206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dba7d58d10653df2021-12-21 11:25:44.694root 11241100x8000000000000000528207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f458ce0dec8a8e2021-12-21 11:25:44.694root 11241100x8000000000000000528208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1158c3697e660ef02021-12-21 11:25:45.193root 11241100x8000000000000000528209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b7a5d7b3d275bd2021-12-21 11:25:45.193root 11241100x8000000000000000528210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73796ceaa20e41fe2021-12-21 11:25:45.193root 11241100x8000000000000000528211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93954434c5785bd2021-12-21 11:25:45.193root 11241100x8000000000000000528212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498c58b48691cdb72021-12-21 11:25:45.193root 11241100x8000000000000000528213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605375dae1a5e6942021-12-21 11:25:45.193root 11241100x8000000000000000528214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9334d7cee46cc82021-12-21 11:25:45.193root 11241100x8000000000000000528215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac195a36039c4342021-12-21 11:25:45.193root 11241100x8000000000000000528216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa43ae7f646d2da2021-12-21 11:25:45.693root 11241100x8000000000000000528217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e50d8069e832c32021-12-21 11:25:45.693root 11241100x8000000000000000528218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f1c9748b65f8ca2021-12-21 11:25:45.693root 11241100x8000000000000000528219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a061bddd4b4a342021-12-21 11:25:45.693root 11241100x8000000000000000528220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d7cd8fcc74127a2021-12-21 11:25:45.693root 11241100x8000000000000000528221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a79d95aa5a374992021-12-21 11:25:45.693root 11241100x8000000000000000528222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b6362ab843f6b72021-12-21 11:25:45.693root 11241100x8000000000000000528223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d65a4457fadb31d2021-12-21 11:25:45.693root 11241100x8000000000000000528224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08416669f979b4b2021-12-21 11:25:46.193root 11241100x8000000000000000528225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a6607111b281d82021-12-21 11:25:46.193root 11241100x8000000000000000528226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51aebef8349024a2021-12-21 11:25:46.193root 11241100x8000000000000000528227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84ff2073899c7f42021-12-21 11:25:46.193root 11241100x8000000000000000528228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240e5aca1d61846e2021-12-21 11:25:46.193root 11241100x8000000000000000528229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35311886f62928bf2021-12-21 11:25:46.193root 11241100x8000000000000000528230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375bd64137663d652021-12-21 11:25:46.193root 11241100x8000000000000000528231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89328af15d0318652021-12-21 11:25:46.193root 11241100x8000000000000000528232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4a63e6730fc58b2021-12-21 11:25:46.693root 11241100x8000000000000000528233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca6e17d315af4132021-12-21 11:25:46.693root 11241100x8000000000000000528234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12769d1afb28ee302021-12-21 11:25:46.693root 11241100x8000000000000000528235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e13ed4367a4ce732021-12-21 11:25:46.693root 11241100x8000000000000000528236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680adee0e140f9542021-12-21 11:25:46.693root 11241100x8000000000000000528237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eb0ba9051b00c72021-12-21 11:25:46.694root 11241100x8000000000000000528238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1af843f8ea1962021-12-21 11:25:46.694root 11241100x8000000000000000528239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166d1ae99c7f6ced2021-12-21 11:25:46.694root 11241100x8000000000000000528240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7c091222cbbf7f2021-12-21 11:25:47.193root 11241100x8000000000000000528241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb27d0fec69ae2f2021-12-21 11:25:47.193root 11241100x8000000000000000528242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418273b42121f8f02021-12-21 11:25:47.193root 11241100x8000000000000000528243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f95831d25323462021-12-21 11:25:47.193root 11241100x8000000000000000528244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1881e6b2cbb96ccc2021-12-21 11:25:47.193root 11241100x8000000000000000528245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc5ffa291b38b902021-12-21 11:25:47.193root 11241100x8000000000000000528246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa29fb04b6b991862021-12-21 11:25:47.193root 11241100x8000000000000000528247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765aefa0c7b50fa2021-12-21 11:25:47.193root 11241100x8000000000000000528248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea8a2328bf55232021-12-21 11:25:47.692root 11241100x8000000000000000528249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed5207d94fda5212021-12-21 11:25:47.693root 11241100x8000000000000000528250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe4cfc1b1a207d2021-12-21 11:25:47.693root 11241100x8000000000000000528251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5578ba4d26cc452021-12-21 11:25:47.693root 11241100x8000000000000000528252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351425354fe91bfa2021-12-21 11:25:47.693root 11241100x8000000000000000528253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68293242747e8172021-12-21 11:25:47.693root 11241100x8000000000000000528254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb27bc4f0c30bdd32021-12-21 11:25:47.693root 11241100x8000000000000000528255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f55c3834c8a762e2021-12-21 11:25:47.693root 11241100x8000000000000000528256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53223596d5517d612021-12-21 11:25:48.193root 11241100x8000000000000000528257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bf3f6deaf413402021-12-21 11:25:48.193root 11241100x8000000000000000528258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4026109c9510b1302021-12-21 11:25:48.193root 11241100x8000000000000000528259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d528de5bbc564ba62021-12-21 11:25:48.193root 11241100x8000000000000000528260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cdb340151aeae92021-12-21 11:25:48.193root 11241100x8000000000000000528261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38784905952a75cf2021-12-21 11:25:48.193root 11241100x8000000000000000528262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9bd4ce6da64c292021-12-21 11:25:48.193root 11241100x8000000000000000528263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8bf26e45f9f5572021-12-21 11:25:48.193root 11241100x8000000000000000528264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6500e09d00eb3d0a2021-12-21 11:25:48.693root 11241100x8000000000000000528265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4919b118ddb4bc8f2021-12-21 11:25:48.693root 11241100x8000000000000000528266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ad5eaf2845f3d32021-12-21 11:25:48.693root 11241100x8000000000000000528267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ae3b849b1b8ee52021-12-21 11:25:48.693root 11241100x8000000000000000528268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a053fd19cd2f522021-12-21 11:25:48.693root 11241100x8000000000000000528269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb08cd7e4a80d73b2021-12-21 11:25:48.693root 11241100x8000000000000000528270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda112991fb975622021-12-21 11:25:48.693root 11241100x8000000000000000528271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c644bc6703ac3bb2021-12-21 11:25:48.693root 11241100x8000000000000000528272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38226c4a9dc062b2021-12-21 11:25:49.193root 11241100x8000000000000000528273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76873b7a3ffb1f1b2021-12-21 11:25:49.193root 11241100x8000000000000000528274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cc6ac855bfc5282021-12-21 11:25:49.193root 11241100x8000000000000000528275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e184e2d4e2cf06662021-12-21 11:25:49.193root 11241100x8000000000000000528276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0179e603824281f52021-12-21 11:25:49.193root 11241100x8000000000000000528277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64316cfcd62143f2021-12-21 11:25:49.194root 11241100x8000000000000000528278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7ded92554bcf22021-12-21 11:25:49.194root 11241100x8000000000000000528279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ea426bb6d826962021-12-21 11:25:49.194root 11241100x8000000000000000528280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb61b155ad307892021-12-21 11:25:49.693root 11241100x8000000000000000528281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba023efab4988402021-12-21 11:25:49.693root 11241100x8000000000000000528282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223341db79c8dab02021-12-21 11:25:49.693root 11241100x8000000000000000528283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4263279a67ca8362021-12-21 11:25:49.693root 11241100x8000000000000000528284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f59f47d1f4fac62021-12-21 11:25:49.693root 11241100x8000000000000000528285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4013f6c5d6e1c22021-12-21 11:25:49.693root 11241100x8000000000000000528286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103ee7e2a43e2e4f2021-12-21 11:25:49.693root 11241100x8000000000000000528287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d916b29dba9a492021-12-21 11:25:49.693root 354300x8000000000000000528288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.036{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48526-false10.0.1.12-8000- 11241100x8000000000000000528289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e21948bc99b4fa2021-12-21 11:25:50.038root 11241100x8000000000000000528290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0092be2332c68a12021-12-21 11:25:50.038root 11241100x8000000000000000528291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7520308eaed9b4272021-12-21 11:25:50.038root 11241100x8000000000000000528292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6460962a2d45c88a2021-12-21 11:25:50.038root 11241100x8000000000000000528293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0857a29e46ab0ae2021-12-21 11:25:50.038root 11241100x8000000000000000528294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b77e4fde0fef4262021-12-21 11:25:50.038root 11241100x8000000000000000528295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec2539f66bfbb692021-12-21 11:25:50.038root 11241100x8000000000000000528296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad97e25f962c49ef2021-12-21 11:25:50.038root 11241100x8000000000000000528297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a59f4ffdb5793e2021-12-21 11:25:50.038root 11241100x8000000000000000528298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a1b86ace2c14062021-12-21 11:25:50.443root 11241100x8000000000000000528299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b49a19f0a6c7eff2021-12-21 11:25:50.443root 11241100x8000000000000000528300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4df2e69a4757262021-12-21 11:25:50.443root 11241100x8000000000000000528301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12252ab537ffd6c2021-12-21 11:25:50.443root 11241100x8000000000000000528302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9adcf3dcab8f3e82021-12-21 11:25:50.444root 11241100x8000000000000000528303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fcf0dd85d852062021-12-21 11:25:50.444root 11241100x8000000000000000528304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbb6888b1e08f432021-12-21 11:25:50.444root 11241100x8000000000000000528305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd1fc9cde52df372021-12-21 11:25:50.444root 11241100x8000000000000000528306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6792d9e78ee47c2021-12-21 11:25:50.444root 11241100x8000000000000000528307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5caa5027633ba7de2021-12-21 11:25:50.943root 11241100x8000000000000000528308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62646c6ed73d907e2021-12-21 11:25:50.943root 11241100x8000000000000000528309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9598cbd7fbd3472021-12-21 11:25:50.943root 11241100x8000000000000000528310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d27ef8e5c699f12021-12-21 11:25:50.943root 11241100x8000000000000000528311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3e7188262375a42021-12-21 11:25:50.943root 11241100x8000000000000000528312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964d93b1ccddc362021-12-21 11:25:50.943root 11241100x8000000000000000528313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332ce9cf227e6cdc2021-12-21 11:25:50.943root 11241100x8000000000000000528314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591b2ac7aeb045ed2021-12-21 11:25:50.943root 11241100x8000000000000000528315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ca0a55403d8fba2021-12-21 11:25:50.943root 11241100x8000000000000000528316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2e216aa2176e912021-12-21 11:25:51.443root 11241100x8000000000000000528317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fc6aabd012cb332021-12-21 11:25:51.443root 11241100x8000000000000000528318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1788b388a465dc642021-12-21 11:25:51.443root 11241100x8000000000000000528319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f6a8f84f2f64e32021-12-21 11:25:51.443root 11241100x8000000000000000528320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adee16728ab886b2021-12-21 11:25:51.443root 11241100x8000000000000000528321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888566d5699673cf2021-12-21 11:25:51.443root 11241100x8000000000000000528322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c7ffbccdbfd84b2021-12-21 11:25:51.443root 11241100x8000000000000000528323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e487b7b6170632802021-12-21 11:25:51.443root 11241100x8000000000000000528324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069e6215336801be2021-12-21 11:25:51.443root 11241100x8000000000000000528325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695d91c69ec58e2e2021-12-21 11:25:51.943root 11241100x8000000000000000528326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c40e7b346c7cb22021-12-21 11:25:51.943root 11241100x8000000000000000528327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09322f7c01d51c882021-12-21 11:25:51.943root 11241100x8000000000000000528328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8927ae92dbe5c5582021-12-21 11:25:51.943root 11241100x8000000000000000528329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575cc21677ccb9cf2021-12-21 11:25:51.943root 11241100x8000000000000000528330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28adc987ef2bfd0c2021-12-21 11:25:51.943root 11241100x8000000000000000528331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cdb51c919557732021-12-21 11:25:51.943root 11241100x8000000000000000528332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b44afcac342c252021-12-21 11:25:51.943root 11241100x8000000000000000528333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44b364cc0c1244b2021-12-21 11:25:51.943root 11241100x8000000000000000528334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b829e7e882937552021-12-21 11:25:52.442root 11241100x8000000000000000528335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edc763c53b753822021-12-21 11:25:52.443root 11241100x8000000000000000528336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5d12eb4d3177782021-12-21 11:25:52.443root 11241100x8000000000000000528337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105254b77c6dd0262021-12-21 11:25:52.443root 11241100x8000000000000000528338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dde5c58990f1e182021-12-21 11:25:52.443root 11241100x8000000000000000528339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b41d358ed6ab3f2021-12-21 11:25:52.444root 11241100x8000000000000000528340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5739de155cc60cbe2021-12-21 11:25:52.444root 11241100x8000000000000000528341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b449b85999358e7b2021-12-21 11:25:52.444root 11241100x8000000000000000528342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d15b10f2f9435af2021-12-21 11:25:52.444root 11241100x8000000000000000528343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8452451d98800c592021-12-21 11:25:52.943root 11241100x8000000000000000528344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b7bdc293e3ccab2021-12-21 11:25:52.943root 11241100x8000000000000000528345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367a1fdc504639462021-12-21 11:25:52.943root 11241100x8000000000000000528346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a21d92814284aa22021-12-21 11:25:52.943root 11241100x8000000000000000528347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71495af50c368e952021-12-21 11:25:52.943root 11241100x8000000000000000528348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d4880bd6bcd5cd2021-12-21 11:25:52.943root 11241100x8000000000000000528349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d890a6ce8ca93c2021-12-21 11:25:52.943root 11241100x8000000000000000528350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526eaf6a8ccecd662021-12-21 11:25:52.943root 11241100x8000000000000000528351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1bb3fc5e82460b2021-12-21 11:25:52.943root 11241100x8000000000000000528352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f8a713a7c2b4c92021-12-21 11:25:53.443root 11241100x8000000000000000528353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4f0d1a33646a3b2021-12-21 11:25:53.443root 11241100x8000000000000000528354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e33986c8d49af7e2021-12-21 11:25:53.443root 11241100x8000000000000000528355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc2ddeaaa3437132021-12-21 11:25:53.443root 11241100x8000000000000000528356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fa736fbe9947e32021-12-21 11:25:53.443root 11241100x8000000000000000528357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9842cc6d5611b2852021-12-21 11:25:53.443root 11241100x8000000000000000528358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9935d76747006d272021-12-21 11:25:53.443root 11241100x8000000000000000528359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56533ecb33d2c5382021-12-21 11:25:53.443root 11241100x8000000000000000528360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412e165f71f117a72021-12-21 11:25:53.443root 11241100x8000000000000000528361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d60f07b0485bf52021-12-21 11:25:53.943root 11241100x8000000000000000528362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcee3b4666e249862021-12-21 11:25:53.943root 11241100x8000000000000000528363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e4b5fc4307fee42021-12-21 11:25:53.943root 11241100x8000000000000000528364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e8b1d78c0aba7c2021-12-21 11:25:53.943root 11241100x8000000000000000528365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0436959c1daab0a72021-12-21 11:25:53.943root 11241100x8000000000000000528366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f32b3fe7b2cc052021-12-21 11:25:53.943root 11241100x8000000000000000528367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f63f0825d0cfc82021-12-21 11:25:53.943root 11241100x8000000000000000528368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f598c740e6ffe22021-12-21 11:25:53.944root 11241100x8000000000000000528369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4019bc1399711c9d2021-12-21 11:25:53.944root 11241100x8000000000000000528370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc8e0d6e4dadf892021-12-21 11:25:54.443root 11241100x8000000000000000528371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36e96aed8e3b77a2021-12-21 11:25:54.443root 11241100x8000000000000000528372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b6d26503f09e082021-12-21 11:25:54.443root 11241100x8000000000000000528373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b2093df80721ef2021-12-21 11:25:54.443root 11241100x8000000000000000528374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dc971c60bfdb992021-12-21 11:25:54.443root 11241100x8000000000000000528375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef016e17ca97e21f2021-12-21 11:25:54.443root 11241100x8000000000000000528376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d8adf3e321408f2021-12-21 11:25:54.443root 11241100x8000000000000000528377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e135ba3eb45839892021-12-21 11:25:54.443root 11241100x8000000000000000528378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198b3216376df2752021-12-21 11:25:54.443root 11241100x8000000000000000528379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b22f41bb2da1fc12021-12-21 11:25:54.943root 11241100x8000000000000000528380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5712a6b70f7b51442021-12-21 11:25:54.943root 11241100x8000000000000000528381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a70b01d44ebb03c2021-12-21 11:25:54.943root 11241100x8000000000000000528382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3e0306c4cdf0652021-12-21 11:25:54.943root 11241100x8000000000000000528383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b4008f7b186b62021-12-21 11:25:54.943root 11241100x8000000000000000528384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d4075507ef5a442021-12-21 11:25:54.943root 11241100x8000000000000000528385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851b2cf0c3b2afd02021-12-21 11:25:54.943root 11241100x8000000000000000528386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec546e42fc41b0662021-12-21 11:25:54.943root 11241100x8000000000000000528387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6cfe0b1eb93d8a2021-12-21 11:25:54.943root 354300x8000000000000000528388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.226{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-48528-false10.0.1.12-8000- 11241100x8000000000000000528389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583728fe51e050e32021-12-21 11:25:55.227root 11241100x8000000000000000528390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2ccc3eaaf32e132021-12-21 11:25:55.228root 11241100x8000000000000000528391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927891f85483a4b02021-12-21 11:25:55.228root 11241100x8000000000000000528392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e445bf720d6d63fa2021-12-21 11:25:55.228root 11241100x8000000000000000528393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc673fe231ab6552021-12-21 11:25:55.228root 11241100x8000000000000000528394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da356a03a528f08a2021-12-21 11:25:55.228root 11241100x8000000000000000528395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98852c41c78c48712021-12-21 11:25:55.228root 11241100x8000000000000000528396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be8c200f3ba59c02021-12-21 11:25:55.228root 11241100x8000000000000000528397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fefc0d177afb12f2021-12-21 11:25:55.228root 11241100x8000000000000000528398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbff3917577cd3a2021-12-21 11:25:55.228root 11241100x8000000000000000528399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77dea63b674cc7d2021-12-21 11:25:55.693root 11241100x8000000000000000528400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a12b80cfb4ee9cc2021-12-21 11:25:55.693root 11241100x8000000000000000528401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b0cf51785106e02021-12-21 11:25:55.693root 11241100x8000000000000000528402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dda5586e4a2450a2021-12-21 11:25:55.693root 11241100x8000000000000000528403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c71aca51f8f666e2021-12-21 11:25:55.694root 11241100x8000000000000000528404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1b5677ed40dda12021-12-21 11:25:55.694root 11241100x8000000000000000528405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bd8ec9bef610072021-12-21 11:25:55.694root 11241100x8000000000000000528406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6ffc3ea6386d672021-12-21 11:25:55.694root 11241100x8000000000000000528407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9348099224112992021-12-21 11:25:55.694root 11241100x8000000000000000528408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bffc8ac572c12f92021-12-21 11:25:55.694root 11241100x8000000000000000528409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f6301331d596772021-12-21 11:25:56.192root 11241100x8000000000000000528410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96483fea413703fe2021-12-21 11:25:56.193root 11241100x8000000000000000528411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc29b4130acbe9682021-12-21 11:25:56.193root 11241100x8000000000000000528412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105389d69bf205912021-12-21 11:25:56.193root 11241100x8000000000000000528413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085f6da68154018b2021-12-21 11:25:56.193root 11241100x8000000000000000528414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c2e65d59951c292021-12-21 11:25:56.193root 11241100x8000000000000000528415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80ecc62980de91c2021-12-21 11:25:56.193root 11241100x8000000000000000528416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4f322de71b634d2021-12-21 11:25:56.193root 11241100x8000000000000000528417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec12c308a9b72c642021-12-21 11:25:56.193root 11241100x8000000000000000528418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6247167a017319f22021-12-21 11:25:56.193root 11241100x8000000000000000528419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f287f99fde1907372021-12-21 11:25:56.193root 11241100x8000000000000000528420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a2f296af6c88682021-12-21 11:25:56.193root 11241100x8000000000000000528421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e57ea81585a2d722021-12-21 11:25:56.194root 11241100x8000000000000000528422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb73ab431c69e1772021-12-21 11:25:56.194root 11241100x8000000000000000528423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef923401787825512021-12-21 11:25:56.194root 11241100x8000000000000000528424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00203ce4d2ce42712021-12-21 11:25:56.693root 11241100x8000000000000000528425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6987ee38ac4b1312021-12-21 11:25:56.693root 11241100x8000000000000000528426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34519b904bc948cb2021-12-21 11:25:56.693root 11241100x8000000000000000528427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a46ee34ee2fa8d22021-12-21 11:25:56.693root 11241100x8000000000000000528428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579c1d44ac19191b2021-12-21 11:25:56.693root 11241100x8000000000000000528429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18e9e4499c790c12021-12-21 11:25:56.693root 11241100x8000000000000000528430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36373fdd42e35e602021-12-21 11:25:56.693root 11241100x8000000000000000528431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322ff892bbc169d02021-12-21 11:25:56.693root 11241100x8000000000000000528432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb2f7d4722c3d882021-12-21 11:25:56.694root 11241100x8000000000000000528433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3889ade2bb3ce1a22021-12-21 11:25:56.694root 11241100x8000000000000000528434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774bc6267735869e2021-12-21 11:25:57.193root 11241100x8000000000000000528435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f664fd11e73202021-12-21 11:25:57.193root 11241100x8000000000000000528436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8119cf0cae53db432021-12-21 11:25:57.193root 11241100x8000000000000000528437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deb867e18f71c7d2021-12-21 11:25:57.193root 11241100x8000000000000000528438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926371bb0e2dd4702021-12-21 11:25:57.193root 11241100x8000000000000000528439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb6d0c38138913b2021-12-21 11:25:57.193root 11241100x8000000000000000528440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4f45aa9a06cbdc2021-12-21 11:25:57.193root 11241100x8000000000000000528441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24739bab4426cd02021-12-21 11:25:57.193root 11241100x8000000000000000528442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b7dd826a7778712021-12-21 11:25:57.193root 11241100x8000000000000000528443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deee873d9fbe36982021-12-21 11:25:57.193root 11241100x8000000000000000528444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a54c938cdb2c642021-12-21 11:25:57.693root 11241100x8000000000000000528445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaea6e262233e212021-12-21 11:25:57.693root 11241100x8000000000000000528446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc850308f3ba5e32021-12-21 11:25:57.693root 11241100x8000000000000000528447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa3d41eeb4e92752021-12-21 11:25:57.693root 11241100x8000000000000000528448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0cb5fbf008c4af2021-12-21 11:25:57.693root 11241100x8000000000000000528449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a19f9443df8e582021-12-21 11:25:57.693root 11241100x8000000000000000528450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 11:25:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e9317dad2112652021-12-21 11:25:57.693root 11241100x8000000000000000528451Linux-Sysmo